Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Security Talk, Part 1

Saturday, September 20, 2003

 .NET  Security 

This past week, I completed the first part of my talks on Security Coding: Best Practices at my workplace. I didn't get as much covered as I had hoped, but we will continue next week.

The talk was about the various ways a hacker can attack a site on the internet. We dealt with the common threats, and then dived into some developer-specific issues such as buffer overruns and cross-site scripting. We spent a long time talking about buffer overruns and the serious problems they cause (as evident recently with the latest security fixes from Microsoft). Although buffer overruns are essentially a thing of the past with managed code, the client site I work for still has thousands of lines of C++ code, so it is still a big issue.

The talk went well, and both the developer and QA departments were interested in how to better code against and test security threats.
