GlennLeifheit.com

Thoughts derived from Chaos!

Saturday, March 5, 2011

Secure Coding Practices in .NET

Thanks to everyone who helped pack the room at the Fox Valley Day of .NET. This presentation was designed to help developers understand why secure coding is important, which areas to focus on, and where to find additional resources. You can find the slides here.

Remember to understand what you are really trying to protect within your application. This needs to be a conversation between the application owner, developer and architect. Understand what data (or asset) needs to be protected. This could be passwords, credit cards or Social Security Numbers. It may also be business-specific information such as business confidential data. Performing a Risk and Privacy Assessment and a Threat Model on your applications, even in a small way, can help you organize this process.

These are the areas to pay attention to when coding:
Authentication & Authorization
Logging & Auditing
Event Handling
Session and State Management
Encryption

Links requested

Slides

Books

The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software
Threat Modeling
Writing Secure Code
The Web Application Hacker's Handbook
Secure Programming with Static Analysis

Other Resources:

OWASP
OWASP Top 10
OWASP WebScarab
OWASP WebGoat

Internet Storm Center
Web Application Security Consortium

Events:
OWASP AppSec 2011 in Minneapolis

Posted On Saturday, March 5, 2011 2:25 PM | Comments (2) |

Thursday, July 22, 2010

Secure Software Development Lifecycle

I had the opportunity to speak at TechFuse this week here in the Twin Cities. Many thanks to the organizers and sponsors of the event. I presented on The Secure Software Development Lifecycle, a journey to secure software. Here are the resources I promised.

Resources:

Presentation 

Microsoft’s SDL Site

OWASP

SANS

SANS Internet Storm Center

TechMasters

Posted On Thursday, July 22, 2010 11:32 PM | Comments (1) |

I need to secure my code, now what?

When you're suddenly asked to “make your code secure, right now”, you need to know where to go. This presentation is designed to show developers, architects and others where to find informative resources on secure development. It was last given at the Twin Cities Code Camp and the Iowa Code Camp during April/May 2010.

Additional Resources:

Posted On Thursday, July 22, 2010 11:31 PM | Comments (1) |
