Writing Secure Code -- Links -- October 31, 2008
By Mark Wilcox - CTO - Oracle Consulting Security-Oracle on Nov 02, 2008
A little late because of travel.
Secure database authentication in ADO.NET applications -- This article covers various options for connecting to databases in the ADO.NET framework. I don't know if I completely agree with everything in the article, but I don't know enough about ADO.NET to give better alternatives.
Browser Security - bolt it on, then build it in -- This is a very good op-ed on the challenges of browser security - but focused more on the real challenges browser developers face. It will also be interesting to see whether, in the next 5 years, as technologies like Infocards and OpenID and IGF are adopted, these make a real difference. My current hypothesis is that 10 years from now, there will still be malware but it will be much less. And that we'll look on today's Web security in the same way we look back at medicine prior to the acceptance of germ theory. A nasty place that thankfully we don't live in.
The Security Development Lifecycle: Sexy Development Lifecycle -- Another op-ed type piece. This one touches on the fact that most developers who attend security conferences don't actually go there to learn security - they go to learn (or see) how to break things. In other words, "coding as magic show". And the author wonders "is there a way to make this topic more exciting". I can answer him - "no". At least not to the average developer. The average developer wants to learn how to do something cool or useful. And frankly I wouldn't expect it (or necessarily want it) any other way. I believe the real answer is to just make basic security practices a standard, expected piece of developer training, combined with proper frameworks.