I found this article today and I must say that for a relatively short article, they hit the major points very well and many with example (What Not To Do) code fragments. Although I knew several of these tips from previous readings on the subject, there were a couple that I didn't know or fully understand how my code could be attacked. Again, it's a short read with some nice examples. If you have the time, give it a quick "once over" to make sure that you are doing the basics to protect your code.

Description from the article:
There are many ways to get into trouble when it comes to security. You can trust all code that runs on your network, give any user access to important files, and never bother to check that code on your machine has not changed. You can run without virus protection software, not build security into your own code, and give too many privileges to too many accounts. You can even use a number of built-in functions carelessly enough to allow break-ins, and you can leave server ports open and unmonitored. Obviously, the list continues to grow. What are some of the really important issues, the biggest mistakes you should watch out for right now so that you don't compromise your data or your system? Security experts Michael Howard and Keith Brown present 10 tips to keep you out of hot water.
Link to the article: (Click here to read)
Contents of the article:
1. Trust User Input at Your Own Peril
2. Protect Against Buffer Overruns
3. Prevent Cross-site Scripting
4. Don't Require sa Permissions
5. Watch that Crypto Code!
6. Reduce Your Attack Profile
7. Employ the Principle of Least Privilege
8. Pay Attention to Failure Modes
9. Impersonation is Fragile
10. Write Apps that Non-admins Can Actually Use
~ Robert Shelton