MSDN TV - Security

Muhammad Haggag


Watched a couple of episodes today, providing tips and tricks on security. Both are rather short (total time for both is less than 25 minutes). The first was about the single rule developers MUST follow: don't trust the data. Trace data entry points in your application, and validate like there's no tomorrow. It's a fine, intuitive idea. However, it's very often either:
1 - Overlooked
2 - Dismissed out of laziness

The second one offered a handful of tips. Some really good things that I've never tried before (and in some cases: never even heard of before) - really shameful. Among these is running the app withOUT admin privileges, and - my favorite - the Windows Application Compatibility Toolkit (ACT), as well as some cool tools from Sysinternals. I'm currently installing these; let's see what they can do [smile]

The summary, for lazy bums [grin]:
Quote:
So, let me recap here. Number 1, don't test as admin. Number 2, test on a secure file system. Number 3, don't change hard key local machine or program files. 4, don't store secrets as clear-text. 5, get adequate feature documentation. 6, press the limits of bad data. 7, test on a dual-processor system. 8, know the 20 laws of security. 9, use the various tools at your disposal. And 10, analyze the source code.


One thing to note here is that these are all for testers, who are not necessarily developers. However, with independent and small development houses, developers are the testers.