From: Wayne Browning (wayne futureit.com)
Date: Sat Jan 12 2002 - 15:59:12 CST
Thought this might be helpful....
http://members.rogers.com/razvan.peteanu/best_prac_for_sec_dev4.pdf
"Yasutaka Ito (GrapeCity India)" wrote:
> Hi everyone,
>
> When we talk about security, I think (as a layman) there are two ways
> security holes can be created.
>
> 1) Vulnerability in the platform (OS, SQL Server, IIS Server, etc.)
> 2) The way the application is implemented or coded
>
> The first one is usually difficult to find out (can't quite be doing
> monitoring of the network and simulating bad attempts), and usually we
> are reliant on the patches that are put out by the vendors - e.g.
> Microsoft.
>
> I think the second one is where we can do something or improve (as
> developer or tester) to avoid security holes by knowing how things are
> supposed to be implemented and by knowing what kind of security holes
> can be created if we're not careful.
>
> Can someone point me to a place where I can get a list of "dos and
> don'ts" about such things? I'd appreciate any kind of help.
>
> Thanks,
> -Yasutaka
> GrapeCity India (formerly Bunka Orient India)
> e-mail: yasutaka grapecity.com
> web: http://www.grapecity.com