Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Don Kiely on Least Privilege in Vermont

Thursday, July 8, 2004

 .NET  ASP.NET  Database Development  Security 

If you happen to be in the Burlington, Vermont area next Monday, July 12, be sure to catch Don Kiely at the Vermont .NET Users Group (one of the best user groups, led by the fabulous Julie Lerman) meeting from 6-9 PM. Don is speaking on a topic I am very interested in: Security through Least Privilege.

ASP.NET apps are server apps, and that means that you need admin privileges to develop them, right? No! In fact, developing apps on a machine where you have admin privileges can lead to some nasty security holes in your app! Least Privilege is one of the first principles of developing secure applications. But what does it mean? How do you do it? Why is it so critical? This session will explore how to develop apps that give the absolute minimum permissions to every user and login and still meet application and user requirements, as well as explore (gasp!) why developing without admin privileges on your development machine leads to much stronger and more secure apps. Least privilege is not easy to use or implement, but in this day and age it is the only way you and your users have reasonable confidence in the security of an application.

Too bad I am not in the area, though I did make the 5-6 hour trip last fall.
