Static Code Analysis Toolsets


In keeping with my last couple of posts on Security Development Lifecycle, I thought I would put together a list of free and commercial products. While there are many other products out there, this should be enough to get you thinking about how you can analyze your code before shipping. .NET FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements. Many of the issues concern violations of the programming and design rules set forth in the …


Reading Club: The Art Of Unit Testing


This month my recommendation for reading is The Art of Unit Testing by Roy Osherove. This book was originally published back in May 2009, and if you’re like me and never took the time to read it before, then I urge you to do so. I am about 40% of the way through this book and I only picked it up a couple of days ago. If you want to learn more about unit testing, this book has you covered. I like the fact that Roy starts out small and builds upon unit testing in each chapter. It is amazing …


Security Development Lifecycle: Introduction


I am not entirely sure how many parts of this subject there will be; however, I felt I had to start somewhere. Basically, I would like to use this series as an opportunity to interact with you on the level of sharing Security Development Lifecycle (SDL) methodologies. In other words, is SDL important, what tools do you employ, how do you approach education, and most importantly, with the ever-changing security threats, how does one stay current? How would you answer these questions? To answer my first question, SDL is absolutely important and as I see this subject it is …


Security Development Lifecycle Design


Later this month, I will be attending a one-day event held by Microsoft in New York, New York on the subject of Security Development Lifecycle. The speaker is Doug Cavit, Principal Security Strategist at Microsoft Corp. Discussions will be based on Customer Focused Design principles and The Ishikawa Method. Both methodologies should facilitate a highly interactive discussion while driving to actionable results. In other words, it should be exciting. In the spirit of Security Development Lifecycle, I have put together a handful of resources that I hope you find informational: Code Access Security What’s New in …
