MSDN TV - Security

Watched a couple of episodes today, providing tips and tricks on security. Both are rather short (total time for both is less than 25 minutes). The first was about the single rule developers MUST follow: don't trust the data. Trace data entry points in your application, and validate like there's no tomorrow. It's a fine, intuitive idea. However, it's very often either:
1 - Overlooked
2 - Dismissed out of laziness

The second one offered a handful of tips. Some really good things that I've never tried before (and in some cases: never even heard of before) - really shameful. Among these is running the app withOUT admin privileges, and - my favorite - the Windows Application Compatibility Toolkit (ACT), as well as some cool tools from Sysinternals. I'm currently installing these; let's see what they can do [smile]

The summary, for lazy bums [grin]:
Quote:
So, let me recap here. Number 1, don't test as admin. Number 2, test on a secure file system. Number 3, don't change HKEY_LOCAL_MACHINE or Program Files. 4, don't store secrets as clear-text. 5, get adequate feature documentation. 6, press the limits of bad data. 7, test on a dual-processor system. 8, know the 20 laws of security. 9, use the various tools at your disposal. And 10, analyze the source code.


One thing to note here is that these are all for testers, who are not necessarily developers. However, with independent and small development houses, developers are the testers.