1 - Overlooked
2 - Dismissed out of laziness
The second one offered a handful of tips, some of them really good things I've never tried before (and in some cases never even heard of before), which is really shameful. Among these are running the app WITHOUT admin privileges and, my favorite, the Windows Application Compatibility Toolkit (ACT), as well as some cool tools from Sysinternals. I'm currently installing these; let's see what they can do [smile]
The summary, for lazy bums [grin]:
So, let me recap here. Number 1, don't test as admin. Number 2, test on a secure file system. Number 3, don't change HKEY_LOCAL_MACHINE or Program Files. 4, don't store secrets as clear-text. 5, get adequate feature documentation. 6, press the limits of bad data. 7, test on a dual-processor system. 8, know the 20 laws of security. 9, use the various tools at your disposal. And 10, analyze the source code.
One thing to note here is that these are all for testers, who are not necessarily developers. However, in independent and small development houses, the developers are the testers.
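A preflight script for tips 1 to 3, added here as an example (it is not from the post or the webcast): it reports whether the test session is elevated, whether the system drive is NTFS, and whether the account running the tests can write to HKLM\SOFTWARE or Program Files, so that any write the app under test makes there shows up as a failure instead of silently succeeding. It assumes Windows PowerShell 5.1 or later and uses only the built-in WindowsIdentity, CIM and provider cmdlets; the function names are my own.

```powershell
# Preflight for a security test session, covering tips 1-3.
# Every check should print PASS before the test run starts.

function Test-Elevated {
    # Tip 1: a tester running as admin hides every privilege bug the app has.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DriveFileSystem {
    # Tip 2: FAT volumes carry no ACLs, so file-permission bugs never surface there.
    param([string]$Drive = $env:SystemDrive)
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$Drive'"
    return $disk.FileSystem
}

function Test-ProtectedLocationWritable {
    # Tip 3: create and remove a throwaway item; access denied is the healthy outcome.
    param([string]$Path)
    $probe = Join-Path $Path ("probe-" + [guid]::NewGuid().ToString())
    try {
        New-Item -Path $probe -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        $ex = $_.Exception
        if ($ex -is [System.UnauthorizedAccessException] -or
            $ex -is [System.Security.SecurityException]) {
            return $false
        }
        throw   # anything else (missing path, provider error) is a real problem
    }
}

$checks = @(
    @{ Name = 'Tip 1: session is not elevated';     Pass = -not (Test-Elevated) },
    @{ Name = 'Tip 2: system drive is NTFS';        Pass = (Get-DriveFileSystem) -eq 'NTFS' },
    @{ Name = 'Tip 3: HKLM\SOFTWARE not writable';  Pass = -not (Test-ProtectedLocationWritable 'HKLM:\SOFTWARE') },
    @{ Name = 'Tip 3: Program Files not writable';  Pass = -not (Test-ProtectedLocationWritable $env:ProgramFiles) }
)

foreach ($c in $checks) {
    $status = if ($c.Pass) { 'PASS' } else { 'FAIL' }
    Write-Output ("{0,-4} {1}" -f $status, $c.Name)
}
```

Run it from the same (non-admin) account and shell the tests will use; a FAIL on the Tip 3 checks usually means the account has been added to a local group that grants write access rather than a problem with the app.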