NB: This is the ninth post in a series of posts on web application security.

Rounding out this week is the last, but perhaps most important part of the basic security series: staying up to date.

Keeping everything up-to-date is a pain. You have to follow the latest versions of everything you use. And when things just work, it’s hard to justify taking the time to upgrade one part of the stack and then making it all just work again.

Too bad: it’s critical. A lot of the Django features I mentioned are only in Django 1.4. Though for the big things, like X-Frame-Options, writing or finding code for older versions isn’t too hard.

But the small version increases, the 0.0.1 bumps, are where the important security fixes land, and they rarely break backwards compatibility.

  1. Stay as up-to-date as you can. Don’t end up on a deprecated major revision or version.
  2. Absolutely keep the patch-level up-to-date. That’s where security fixes land. Not just in Django or Rails, but in lots of little libraries you’ve probably forgotten about.
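One way to make those two rules checkable, as an added example that is not code from the original post: a small Python script that reads pinned dependencies and flags each one as current, behind on its patch level, or sitting on a major.minor line that no longer receives releases. The requirements text and the `LATEST` table are constructed sample data with placeholder version numbers; in practice the table would come from your package index or an advisory feed.

```python
import re

# Constructed sample: what a project might have pinned in requirements.txt.
REQUIREMENTS = """\
Django==1.4.1
South==0.7.6
requests==0.13.0
"""

# Constructed sample: latest release of each major.minor line that still gets
# releases. Placeholder numbers, not real release data.
LATEST = {
    "Django":   {"1.4": "1.4.5", "1.5": "1.5.1"},
    "South":    {"0.7": "0.7.6"},
    "requests": {"1.2": "1.2.3"},
}

def parse_version(text):
    """Turn '1.4.1' into (1, 4, 1) so versions compare numerically,
    not as strings (where '1.4.10' would sort before '1.4.5')."""
    return tuple(int(p) for p in text.split("."))

def parse_requirements(text):
    """Return {name: pinned_version} for 'name==version' lines."""
    pins = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.-]+)==([0-9.]+)\s*$", line)
        if m:
            pins[m.group(1)] = m.group(2)
    return pins

def classify(name, pinned):
    """'current', 'patch-behind' (a 0.0.1 bump with fixes was missed), or
    'line-unsupported' (that major.minor line gets no releases any more)."""
    lines = LATEST.get(name, {})
    minor_line = ".".join(pinned.split(".")[:2])
    if minor_line not in lines:
        return "line-unsupported"
    if parse_version(pinned) < parse_version(lines[minor_line]):
        return "patch-behind"
    return "current"

def audit(requirements_text):
    """Map every pinned dependency to its classification."""
    return {name: classify(name, ver)
            for name, ver in parse_requirements(requirements_text).items()}

if __name__ == "__main__":
    for name, status in sorted(audit(REQUIREMENTS).items()):
        print("%-12s %s" % (name, status))
```

A `patch-behind` result is the case the second rule is about: the fix is usually a drop-in upgrade, so there is little excuse for not taking it.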

Next week, we’ll dive into some more advanced gotchas and security issues, mostly from my own experience over the past couple of years. Until then, have a great weekend, and don’t forget to lock your doors.