Comment by dimitri-vs
3 hours ago
Maybe I'm being dumb but that reads very contradictory? I would say that security is explicitly a matter of adding particular things.
Not the OP, but it seems like you might be talking about different things.
Security could be about not adding certain things/making certain mistakes. Like not adding direct SQL queries with data inserted as part of the query string and instead using bindings or an ORM.
If you have an insecure raw query that you feed into an ORM that you added on top - that's not going to make the query more secure.
But on the other hand when you're securing some endpoints in APIs you do add things like authorization, input validation and parsing.
So I think a lot depends on what you mean when you're talking about security.
Security is security - making sure bad things don't happen and in some cases it's a different approach in the code, in some cases additions to the code and in some cases removing things from the code.
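
An added example, not part of either comment: the bindings point above, shown with Python's `sqlite3`. The `Repo` class is a hypothetical stand-in for an ORM-style layer with a raw-SQL escape hatch, and the table, rows and hostile input are constructed for illustration.

```python
import sqlite3

HOSTILE = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def find_concat(db, name):
    # Data inserted as part of the query string: input becomes SQL syntax.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(r[0] for r in db.execute(sql))

def find_bound(db, name):
    # Binding: input is passed as a value and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(r[0] for r in db.execute(sql, (name,)))

class Repo:
    """Hypothetical ORM-like layer added on top of the connection."""
    def __init__(self, db):
        self.db = db

    def raw(self, sql, params=()):
        # Escape hatch: runs whatever SQL text the caller built.
        return sorted(r[0] for r in self.db.execute(sql, params))

    def by_name(self, name):
        # The layer helps only when the value travels as a parameter.
        return self.raw("SELECT name FROM users WHERE name = ?", (name,))

def find_via_layer_unsafe(repo, name):
    # Same concatenated query fed through the layer: still injectable.
    return repo.raw("SELECT name FROM users WHERE name = '" + name + "'")

if __name__ == "__main__":
    db = make_db()
    repo = Repo(db)
    for label, result in [
        ("concatenated", find_concat(db, HOSTILE)),
        ("bound", find_bound(db, HOSTILE)),
        ("layer + raw string", find_via_layer_unsafe(repo, HOSTILE)),
        ("layer + parameter", repo.by_name(HOSTILE)),
    ]:
        print(f"{label:20} -> {result}")
```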