Saturday, March 12, 2011

Web coding threat


Cloud computing is based on the Internet landscape. The threats within the Internet may be growing, but our ability to write efficient web secured code provides a significant advantage to the end users.

Microsoft pattern and practices talks about improving web application security: Threats and Countermeasures gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. Whether you have existing applications or are building new ones, you can apply the guidance to help you make sure that your Web applications are hack-resilient. Itz published at http://msdn.microsoft.com/en-us/library/ff649874.aspx


It shows you how to review code built using the .NET Framework for potential security vulnerabilities. It shows you the specific review questions to ask and discusses the tools that you should use. In addition to general coding considerations, it contains review questions to help you review your applications for cross-site scripting, SQL injection and buffer overflow vulnerabilities

Code reviews should be a regular part of your development process. Security code reviews focus on identifying insecure coding techniques and vulnerability that could lead to security issues. The review goal is to identify as many potential security vulnerability as possible before the code is deployed. The cost and effort of fixing security flaws at development time is far less than fixing them later in the product deployment cycle.

No comments:

Post a Comment