Secure Coding Practices in .NET
- by SoftwareSecurity
Thanks to everyone who helped pack the room at the Fox Valley Day of .NET. This presentation was designed to help developers understand why secure coding is important, what areas to focus on and additional resources. You can find the slides here. Remember to understand what you are really trying to protect within your application. This needs to be a conversation between the application owner, developer and architect. Understand what data (or Asset) needs to be protected. This could be passwords, credit cards, Social Security Numbers. This also may be business specific information like business confidential data etc. Performing a Risk and Privacy Assessment & Threat Model on your applications even in a small way can help you organize this process. These are the areas to pay attention to when coding: Authentication & Authorization Logging & Auditing Event Handling Session and State Management Encryption Links requested Slides Books The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software Threat Modeling Writing Secure Code The Web Application Hackers Handbook Secure Programming with Static Analysis Other Resources: OWASP OWASP Top 10 OWASP WebScarab OWASP WebGoat Internet Storm Center Web Application Security Consortium Events: OWASP AppSec 2011 in Minneapolis
