Geeks With Blogs
GlennLeifheit.com Thoughts derived from Chaos!

Thanks to everyone who helped pack the room at the Fox Valley Day of .NET.   This presentation was designed to help developers understand why secure coding is important, what areas to focus on and additional resources.  You can find the slides here.

Remember to understand what you are really trying to protect within your application.  This needs to be a conversation between the application owner, developer and architect.  Understand what data (or Asset) needs to be protected.  This could be passwords, credit cards, Social Security Numbers.   This also may be business specific information like business confidential data etc.  Performing a Risk and Privacy Assessment & Threat Model on your applications even in a small way can help you organize this process.

These are the areas to pay attention to when coding:
Authentication & Authorization
Logging & Auditing
Event Handling
Session and State Management
Encryption

Links requested

Slides

Books

The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software
Threat Modeling
Writing Secure Code
The Web Application Hackers Handbook 
Secure Programming with Static Analysis

 

Other Resources:

OWASP
OWASP Top 10
OWASP WebScarab
OWASP WebGoat

Internet Storm Center
Web Application Security Consortium

Events:
OWASP AppSec 2011 in Minneapolis

Posted on Saturday, March 5, 2011 2:25 PM | Back to top


Comments on this post: Secure Coding Practices in .NET

# re: Secure Coding Practices in .NET
Requesting Gravatar...
Your talk was awesome. I got tons of information, exactly what I needed from it and more. Thank you, thank you, thank you.
Left by Nicholas Large on Apr 11, 2011 10:41 AM

# re: Secure Coding Practices in .NET
Requesting Gravatar...
Hi, Nice Share . But We need More Sharing from you like Videos and Presentation.
Left by Chandru on Jul 15, 2011 6:54 AM

Your comment:
 (will show your gravatar)


Copyright © SoftwareSecurity | Powered by: GeeksWithBlogs.net