Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

A couple of secure coding articles

Tuesday, December 28, 2004 Comments

 .NET  ArchitecturePatterns  ASP.NET  Security 
Share:   Share on LinkedIn    Share on Twitter    Share on Facebook   

Some interesting reads I found today on secure coding:

Secure programmer: Call components safely [By way of Dana Epp]

   David Wheeler has released a new article on how to call components safely. He posted this abstract on SCL this morning:

Application programs typically make calls to other components, such as the underlying operating system, database systems, reusable libraries, Internet services (like DNS), Web services, and so on. This article explains how to prevent attackers from exploiting those calls to other components by discussing the use of only secure components, passing only valid data, making sure the data will be correctly interpreted, checking return values and exceptions, and protecting data as it flows between applications and components.

Sandboxing Components for Impersonation 

Michele Leroux Bustamante talks about separating high privileged code in ASP.NET applications using code access security,  impersonation,  and various other lockdown techniques. Check out her article on

Share:   Share on LinkedIn    Share on Twitter    Share on Facebook