Naive security faults

Today I was a speaker @ Microsoft Architect Forum. Security practices talk.

 

Definitely, there are many naive security faults that IT managers, architects, designers, coders and testers commit while constructing software.

 

The basics include:

 

- Principle of least privilege problems → users can do more than they need.

- Assuming that a firewall is a complete security solution.

- No antivirus or software patch updates.

- Buggy code

- There are more options in apps than most users really use.

- Trusting user input (what an error!!!)

- Foolish cryptography (key management, crypto algorithms)

- Thinking that technology is the security solution (in most cases, the problem starts with people and processes)

- Misuse of the security tools provided by the platform

 

Those are the most important conclusions.

 

Keep them in mind.

 

Cheers.

 

Ricardo González Vargas

Software Development Consultant

Microsoft Regional Director

Microsoft Most Valuable Professional

http://www.devsynergy.net

rgonzalez@mvps.org

Published Tue, Oct 11 2005 19:10 by Ricardo Gonzalez Vargas
