Some interesting reads I found today on secure coding:
Secure programmer: Call components safely [By way of Dana Epp]
David Wheeler has released a new article on how to call components safely. He posted this abstract on SCL this morning:
Application programs typically make calls to other components, such as the underlying operating system, database systems, reusable libraries, Internet services (like DNS), Web services, and so on. This article explains how to prevent attackers from exploiting those calls to other components by discussing the use of only secure components, passing only valid data, making sure the data will be correctly interpreted, checking return values and exceptions, and protecting data as it flows between applications and components.
Sandboxing Components for Impersonation
Michele Leroux Bustamante talks about separating high privileged code in ASP.NET applications using code access security, impersonation, and various other lockdown techniques. Check out her article on TheServerSide.net.
