Security is a complex issue and still a challenge for developers and designers. Security is one of those practices that “must be there at the beginning”. It is extremely difficult and costly to secure an application while it’s in the “testing” stage, not to mention the risks.

Writing secure code is not easy if you have limited resources, tools and guidelines. I regularly receive questions from my clients, friends and old colleagues about security; the majority of those questions are around guidelines and practices. That’s why I am posting this article as a starting point which covers the fundamental topics around security.

Use the following guidelines in your design and development stages to help you.

.NET Framework 2.0 Security Guidelines
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagguidelines0003.asp

ADO.NET 2.0 Security Guidelines
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagguidelines0002.asp

ASP.NET 2.0 Security Guidelines
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagguidelines0001.asp

One of the practices I have found very useful over the years is making “Security Review” one of the fundamental practices in your development methodology; it doesn’t matter which one it is: MSF, RUP, Scrum, XP, etc. Try to use the following checklists as quality criteria for your code. Trust me, it works!

.NET Framework 2.0 Security Checklist
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagck0003.asp

ADO.NET 2.0 Security Checklist
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagck0002.asp

ASP.NET 2.0 Security Checklist
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagck0001.asp

If you are interested in integrating security into your development lifecycle, as I mentioned earlier, and are looking for a one-stop reference on security, then download the Developer Highway Code, an extremely useful one-stop reference: http://go.microsoft.com/?linkid=4509402

And lastly, raise “Security Awareness”: do talk about it, do ask questions about it, do tell stories about it, do encourage your colleagues and managers, and don’t be afraid of it. There is no “Best” in the security space, but there is always “Better”.