Re: Security Implementation

From: Matjaz Ladava (matjaz_at__nospam_ladava.com)
Date: 06/27/03


Date: Fri, 27 Jun 2003 09:27:42 +0200


The problem with security in today's applications is that security is
the last thing people think about. Normally security is built last in the
application, thus making applications insecure. I once read a nice quote
about security: "Security is like taxes, you know you have to do it, but you
always do it in the last minute."

Security must be thought of first during application design. If you need a
great reference on security, then read Michael Howard's and David C.
LeBlanc's book Writing Secure Code 2. It is a great book from the first page to
the last.
Another great online resource would be Building Secure ASP.NET Applications,
available at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp?frame=true
Please read it. It will give you some great insights on how security works
in ASP.NET.

Please don't underestimate the importance of security, especially if you
are building an Internet commercial site.

-- 
Regards
Matjaz Ladava, MCSE (NT4 & 2000)
matjaz@ladava.com
http://ladava.com
"Peter" <bjerkley@yahoo.com> wrote in message
news:08fa01c33c65$142e54d0$a101280a@phx.gbl...
> Hi,
>
> I am trying to develop a commercial site and I've had some
> discussions with a few people about when to implement the
> security for the site. Some of my friends think that
> security implementation should be done after all the aspx
> pages have been developed, yet some say that it's best to
> develop it up-front. Could somebody tell me what is the
> sequence of activities for the security implementation and
> when it should be done, i.e. at the beginning of the project or at
> the end of the project, and what is the difference?
>
> Thanks,
> Peter

