… But a colleague of mine once said that it is just almost the same as clicking the build button in an IDE.
So if I am tasked with deployment and no one else is to guide me, I will just google how to do it.
Today, perhaps the only method I have in mind to honestly estimate the time to be spent to finish a project is to do at least two of the most important features of the app, then use the time spent on those two features to estimate the time that will be spent on the whole project.
But even then, my estimates might still be far from accurate.
When it comes to security, I only know about SQL injection, and I know that it can be prevented by not using string concatenation when building SQL queries. But even though I know that using string concatenation is wrong when building SQL queries, I still do it sometimes — when I’m tired or bored, and there is existing code in the project that I can just copy-and-paste. But if you already have a set of guidelines for coding which I need to follow, or you practice code review or pair programming, then this will not be a problem.
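As an added illustration of the point above (example code, not from the original statement): the same lookup written once with string concatenation and once with a bound parameter, run against a constructed in-memory SQLite table. A legitimate name containing an apostrophe is enough to break the concatenated query, while the parameterized one treats the value purely as data; the table, names and function names are assumptions for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the demo; not taken from any real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("O'Brien", "obrien@example.com")],
    )
    conn.commit()
    return conn


def find_email_concat(conn: sqlite3.Connection, name: str):
    """The pattern the text warns against: user input is pasted into the SQL text,
    so any quote character in the input changes the structure of the statement."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def find_email_param(conn: sqlite3.Connection, name: str):
    """Safe form: the SQL text is fixed and the value is sent as a bound parameter,
    so the database never interprets it as part of the query."""
    row = conn.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def compare(name: str) -> dict:
    """Run both variants on the same input and report what each one returns."""
    conn = make_db()
    try:
        concat = find_email_concat(conn, name)
    except sqlite3.Error as exc:  # the broken query surfaces as a database error
        concat = f"error: {type(exc).__name__}"
    return {"concat": concat, "param": find_email_param(conn, name)}


if __name__ == "__main__":
    print(compare("alice"))     # both variants agree on a plain name
    print(compare("O'Brien"))   # only the parameterized query survives the quote
```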
Oh, I also know about not storing passwords in plaintext, but instead hashing them before storing them. And I also know about not sending forgotten passwords to users (because, of course, if we do not store passwords as plaintext, we will not know what password to send to them), but instead sending them a link to a form/resource that will let them change their passwords.
I also read in the past about Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF), but I have to review them to bring them back to mind.
But I have a copy of the book “Foundations of Security: What Every Programmer Needs to Know” (but I have read only some chapters from it). So if you need me to become familiar with software security when working at your company, I can start with this book (or with any material you can recommend to me).
Thank you for your time!