Tuesday, June 01, 2004

Clinic 2806


Security Posts from Sudhakar's Blog


Clinic 2806: Microsoft® Security Guidance Training for Developers

This excellent course is now available online for free.
A must for all .NET developers who want to write secure code.

"This online clinic provides students with knowledge and skills essential for the creation of applications with enhanced security. Students will learn about the need for implementing security at every stage of the development process and best practices for applying security principles. Students will also learn how to use established threat modeling methodologies and tools with other best practices to minimize vulnerabilities and limit damage from attacks. Finally, students will learn how to implement security features to enhance security for Web applications and Web services that are built by using Microsoft ASP.NET."



Six "Golden Rules of Security"

While reading some course material on security I found these “Golden rules of security”:


01. Authentication
      Refers to the ability to verify that a user is who he/she says he/she is.

02. Authorization
      Controls what resources an authenticated user can access.

03. Audit
      The ability to keep track of user actions for traceability and diagnosis of possible security weaknesses.

04. Privacy
      Ensures that user data can be viewed only by authorized users.

05. Integrity
      Making sure user data is complete, accurate, available, and has not been manipulated.

06. Non-Repudiation
      Providing evidence that an action has occurred so that a user cannot deny that he or she performed it.

There are also some Key Security Concerns, similar to these, available for reference here.


