Software developers need to be aware of security, but oh so
many aren’t. Security shouldn’t be an afterthought; it should be right up
front with the rest of your project’s requirements and built in from the
start. We should always think about being secure and developing our
applications securely. Nowadays we cannot leave it to the systems
administrator to lock down a few files or directories for us. We need to be
proactive in our approach and development methodology, as it’s just as much our
responsibility to ensure that data about our customers or
coworkers is safely kept and transported.

Here are a few security-related issues to think about
when starting your next development project:
Evaluating Threat Potential & Risk
Preventing SQL Injection
Preventing common attacks (buffer overruns, cross-site scripting (XSS), etc.)
Encrypting data
Securing the layers
.NET Security specifics
Securing the web.config file, IIS & ASP.NET
Forms, Windows or other authentication types
Database security
Human factors

Use the above list (and there’s more to be aware of, but for now this will have to do) in your next project, and you’ve already taken steps to make your
apps a little more secure. I will try to break out some of these items and write more about them in upcoming posts, but this is definitely something to get you started thinking about security, and I cannot stress enough that developers should focus on this area more.