Naive securty faults
Today I was as speaker @ Microsoft Architect Forum. Security practices talk.
Definitively, there are many naive security faults that IT Managers, Architects, Designers, Coders and testers do while construct software.
The basics include:
- Principle of less privilege problems à users can do more than they need.
- Assume that a firewall is a complete security solution.
- No antivirus or software patches updates.
- Buggy code
- There are more options in apps than most of the user really use.
- Trusted user input (what an error!!!)
- Fool cryptography (key management, crypto algorithms)
- Think that technology is the security solution (in most of the cases, the problem starts with people and processes)
- Bad use of security tools provided by the platform
Those are the most important conclusions.
Keep them in mind.
Ricardo González Vargas
Software Development Consultant
Microsoft Regional Director
Microsoft Most Valuable Professional