S e c u r i t y - P o s t s
a   ----- Security Posts from Sudhakar's Blog
Clinic 2806: Microsoft® Security Guidance Training for Developers
Now this excellent course is avaiable online for free.
A must for all the .NET Developers who want to write secure code.
" This online clinic provides students with knowledge and skills essential for the creation of applications with enhanced security. Students will learn about the need for implementing security at every stage of the development process and best practices for applying security principles. Students will also learn how to use established threat modeling methodologies and tools with other best practices to minimize vulnerabilities and limit damage from attacks. Finally, students will learn how to implement security features to enhance security for Web applications and Web services that are built by using Microsoft ASP.NET."
Six "Golden Rules of Security"
While reading a course material on secutity I found these “Golden rules of security”
Refers to the ability to verify that a user is who he/she says he/she is.
Controls what resources an authenticated user can access.
The ability to keep track of user actions for traceability and diagnosis of possible security weaknesses.
Ensures that user data can be viewed only by authorized users.
Making sure user data is complete, accurate, avaiable, and has not been manipulated.
Providing evidence that an action has occured so that a user cannot deny that he or she performed it.
There are some Key Security Concerns about security which are similar to these also avaiable for refernce here.