Secure Development Series: Peer Reviews


Stop and consider for a moment: what exactly is the best way to address web application security? If you place yourself in the mindset of a hacker, you may find vulnerabilities that you would otherwise not have noticed. In this article, which is a follow-up to Secure Development Series: Input Validation, I put forth the topic of peer reviews in the hope that you pause and consider what you can do to harden your applications. Just where do the largest number of vulnerabilities reside? While you may think the network poses the greatest risk and at …


Homeland Security’s (DHS) Software Assurance Program


Continuing with the theme of Software Assurance, I previously shared the January 2012 BITS Software Assurance Framework, and now I have located some wonderful information sponsored by the Department of Homeland Security (DHS). Security is an area that is typically lacking, underfunded, and often ignored, especially in the area of web-based solutions. While many organizations do better than others, the reality is that new vulnerabilities surface every day, and it is not enough to take the mindset that your threat surface is minor in nature. To address security you must first understand the risks. The following PDF artifacts are called pocket …


January 2012 BITS Software Assurance Framework


If you have not yet heard of this framework, I urge you to take the time to give it a serious read. While the executive summary speaks to how software is critical to the financial industry, the truth is that this holds for all aspects of business today. There are a number of interesting points made in this document, and for those of you in the software industry it should make you pause for a moment and reflect on your own process. The points are so fundamental that I am alarmed at just how many companies turn a blind eye …


Microsoft Enterprise Library: Caching Application Block


This is a second article on the topic of the Microsoft Enterprise Library. If you have not read the previous article, titled Microsoft Enterprise Library: Data Access Application Block, I recommend you do so. Introduction to the Caching Application Block: The Enterprise Library Caching Application Block lets developers incorporate a local cache in their applications. It supports both an in-memory cache and, optionally, a backing store that can either be the database store or isolated storage. The Caching Application Block can be used without modification; it provides all the functionality needed to retrieve, add, and remove cached data. Configurable …
