The Artima Developer Community

.NET Buzz Forum
Sample Application Security

0 replies on 1 page.

Robert Hurlbut

Posts: 547
Nickname: rhurlbut
Registered: Mar, 2004

Robert Hurlbut is a Principal Consultant with Hurlbut Consulting
Sample Application Security Posted: Jan 26, 2005 6:22 PM

This post originated from an RSS feed registered with .NET Buzz by Robert Hurlbut.
Original Post: Sample Application Security
Feed Title: Robert Hurlbut's .Net Blog
Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/rhurlbut/Rss.aspx
Feed Description: Development with .Net, Rotor, Distributed Architectures, Security, Extreme Programming, and Databases

Keith Pleas wrote an interesting article for MSDN: Guidance on Patterns & Practices: Security [by way of Julie Lerman]

In the article, Keith talks about some of the things I have mentioned in my own blog before:

There are too many samples out there with bad security practices that have become production code in one form or another.

or, as Keith states it:

"A familiar aphorism states that "If all you've got is a hammer, everything looks like a nail." Well then, is it any surprise that a lot of production Web applications look like the demo samples? What is clearly needed is a new generation of real-world sample applications that are designed and built using the "best practices" not just for security (our focus here), but for robustness, scalability, testing, and deployment; in fact, of all phases of the software development lifecycle. It is also important to recognize that this guidance will improve over time until it ultimately becomes part of the underlying platform." 

In the article, he mentions we have bad samples and very large books on secure practices with very little in between. Most new developers (and some seasoned developers in a hurry) will pick up the sample, marvel at how simple it is, tweak it a little, and deploy it as a production application. Keith offers the current Patterns and Practices Group's Enterprise Development Reference Architecture (EDRA) project (previously known as "Shadowfax") as a sample that tries to provide some security best practices examples. I haven't looked at this in a while, but what I remember seeing was pretty good.

What I liked best about the article was Keith's analysis of the previous and existing samples offered by Microsoft. While not as thorough as I would have liked, it was a good example that all developers should get in the habit of practicing. Anytime you are tempted to use a sample application for anything other than a learning process, be sure to examine it very carefully for security holes. In fact, examine your own code regularly and with others. You owe yourself and your users nothing less.

Read: Sample Application Security

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use