So what is security?
Security is protecting against attackers who illegally exploit vulnerabilities in your system for their own purposes. Attachers might want to steal data for financial gain, stop customers being able to buy from you or cause damage to your reputation. They could be internal or external to your company. There are different types of security, for example, application security, network security, or security of the physical environment. Like your office building or work area.
Have you got any examples?
An example of application security is input sanitization, which can help protect against cross site scripting, and SQL injection attacks. A secure system should also not allow users to access features that they aren't meant to see, or unauthorized users to log on at all. An example of network security might be a firewall controlling traffic to and from the internet.
What's the value of good security?
Ensuring we build secure systems means our data and our customer's data is protected and it cannot be misused by attackers. Cyber attacks which exploit insecure systems can cost businesses a lot of money and reputational damage.
And what are the pitfalls?
Security often gets forgotten or left until the end when it's too late to fix. In the same way, no non trivial application is bug free, no application can be a hundred percent secure. If you want to practice security testing techniques, you must be careful to only do so on sites or applications where you have permission.
