Software developers need to be aware of security but oh somany aren’t. Security shouldn’t be an afterthought, it should be right upfront with the rest of your project’s requirements and built in from thestart. We should always think about being secure and developing ourapplications securely. Nowadays we cannot leave it to the systemsadministrator to lock down a few files or directories for us, we need to beproactive in our approach and development methodology, as it’s ourresponsibility just as much to ensure that data about our customers orcoworkers is safely kept and transported. Here's a few security related issues to think aboutwhen starting your next development project:
Evaluating Threat Potential & RiskPreventing SQL Injection
Preventing common attacks (buffer overruns, xss scripting,etc…)
Encrypting data
Securing the layers
.NET Security specifics
Securing the web.config file, IIS &ASP.NET
Forms, Windows or other authentication types
Database security
Human factors
Use the above list (and there’s more to be aware of, but for now this will have to do) in your next project, and you’ve already taken steps to make yourapps a little more secure. I will try to break out some of these items and write more about them in upcoming posts, but this is definitely something to get you started thinking about security, andI cannot stress enough to developers to focus on this area more.
