A word about security

When working with UAG, and especially when customizing it, one must keep in mind that a UAG server will typically sit on the public Internet, listening for incoming HTTP and HTTPS connections. The product has gone through several development cycles, rigorous testing, and deployments, and is considered to be extremely secure out of the box. However, a single line of bad code could jeopardize the entire server and leave your gateway open to risk and compromise.

Writing secure code is beyond the scope of this book, of course, but we strongly recommend that, even if you are a seasoned web developer, you go through secure-coding training, or at least a refresher course. In today's marketplace, your company or customers are usually under constant scanning by one of the many hackers and hacking groups, and the risks of customer data exposure or public humiliation are enormous. This means not only being careful about what you create, but also thinking about having a third party analyze your work, or even perform pen-testing on it. We all want to sleep better at night, don't we?