Background reading for DevDays 2004

In preparation for my presentation at Microsoft DevDays 2004 in Pittsburgh, I have been reading “Writing Secure Code” by Michael Howard and David LeBlanc (which a past colleague, David Williams, pointed me towards). For those of us living in the business application and web application realm, a buffer overrun is something we read about in security bulletins. It was fascinating to read how it all works and how to overcome it. Some great code examples – thoroughly interesting. But don’t leave thinking that this book is only for those dealing with unmanaged code…!

It discusses web application threats, including a detailed discussion of SQL injection, cross-site scripting attacks, hidden field tampering and also canonical issues. There is also a chapter on securing .NET code, which includes requesting permissions programmatically, something most people probably don’t even know about. It also details modeling threats and determining your vulnerabilities before and during application development.

Microsoft also offers the following freely available resources:

Categories: .NET, Microsoft DevDays