This post originated from an RSS feed registered with .NET Buzz
by Robert Hurlbut.
Original Post: Don Kiely on Least Privilege in Vermont
Feed Title: Robert Hurlbut's .Net Blog
Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/rhurlbut/Rss.aspx
Feed Description: Development with .Net, Rotor, Distributed Architectures, Security, Extreme Programming, and Databases
If you happen to be in the Burlington, Vermont area next Monday on July 12, be sure to catch Don Kiely at the Vermont .NET Users Group (one of the best user groups led by the fabulous Julie Lerman) meeting from 6-9 PM. Don is speaking on a topic I am very interested in: Security through Least Privilege.
ASP.NET apps are server apps, and that means that you need admin privileges to develop them, right? No! In fact, developing apps on a machine where you have admin privileges can lead to some nasty security holes in your app! Least Privilege is one of the first principles of developing secure applications. But what does it mean? How do you do it? Why is it so critical? This session will explore how to develop apps that give the absolute minimum permissions to every user and login and still meet application and user requirements, as well as explore - gasp! - why developing without admin privileges on your development machine leads to much stronger and more secure apps. Least privilege is not easy to use or implement, but in this day and age it is the only way you and your users have reasonable confidence in the security of an application.
Too bad I am not in the area, though I did make the 5-6 hour trip last fall.