Geeks With Blogs

Dave Oliver's Blog Enterprise Technology Thought Leadership in a FTSE 100

Microsoft UK's new developer security education website's main character 'Developer Dave' is not modelled on me, honest guv'nor!

The site can be found here.

The message is actually very clear: it is easy to ignore security in your developments. It's not just developers who produce websites that face the Internet that are at risk; as many recent surveys have pointed out, the largest risk of security breaches comes from inside an organisation. I'm not saying you can't trust your fellow workers, but I am saying protect your systems!

The best way to start including security is right at the start of a project, by performing a STRIDE model:

| Term | Definition |
| --- | --- |
| Spoofing identity | Illegally obtaining access and use of another person's authentication information, such as a user name or password. |
| Tampering with data | The malicious modification of data. |
| Repudiation | Associated with users who deny performing an action, yet there is no way to prove otherwise. (Non-repudiation refers to the ability of a system to counter repudiation threats, and includes techniques such as signing for a received parcel so that the signed receipt can be used as evidence.) |
| Information disclosure | The exposure of information to individuals who are not supposed to have access to it, such as accessing files without having the appropriate rights. |
| Denial of service | An explicit attempt to prevent legitimate users from using a service or system. |
| Elevation of privilege | Where an unprivileged user gains privileged access. An example of privilege elevation would be an unprivileged user who contrives a way to be added to the Administrators group. |


Now I'm not going to tell you how to do this model ... you really MUST buy this book (Writing Secure Code, Second Edition) to do it properly! It is a must-have for any .NET developer!

Also perform a STRIDE evaluation on your existing systems to discover how secure they are now!

And remember, the two biggest schoolboy errors are:

1) Running under Administrator privileges on your development PC. Learn to use the 'Run As' command here!

2) Running your development projects under Full Trust.

Posted on Friday, December 2, 2005 5:45 PM | Development Technologies

