Robert Hurlbut's Blog

Thoughts on .NET, Security, Architecture, Agility, and Databases.

Syndication

.Company / Other Sites / Other Blogs

.NET Links

.NET Local Boston Events

.NET User Groups in New England

Blogs - .NET

Blogs - Agile

Blogs - Architecture

Blogs - CLR

Blogs - Security

Blogs - SQL Server

Blogs - System.Transactions

Enterprise Services (COM+) Resources

Indigo Resources

Microsoft Security Resources

Presentation resources

Recommended Books

Rotor Resources

Security Resources

A couple of secure coding articles

Some interesting reads I found today on secure coding:

Secure programmer: Call components safely [By way of Dana Epp]

   David Wheeler has released a new article on how to call components safely. He posted this abstract on SCL this morning:

Application programs typically make calls to other components, such as the underlying operating system, database systems, reusable libraries, Internet services (like DNS), Web services, and so on. This article explains how to prevent attackers from exploiting those calls to other components by discussing the use of only secure components, passing only valid data, making sure the data will be correctly interpreted, checking return values and exceptions, and protecting data as it flows between applications and components.

Sandboxing Components for Impersonation 

Michele Leroux Bustamante talks about separating high privileged code in ASP.NET applications using code access security,  impersonation,  and various other lockdown techniques. Check out her article on TheServerSide.net.

Published Tuesday, December 28, 2004 5:16 PM by RHurlbut
Filed under: , , ,

Comments

# re: A couple of secure coding articles@ Thursday, December 30, 2004 3:53 PM

I finally got around to reading Michele's article, and it was excellent.

by Darrell

# re: A couple of secure coding articles@ Thursday, December 30, 2004 4:07 PM

Same here. I am looking forward to the next one with COM+/ES separation as well.

by Robert Hurlbut