The code you're writing today will be part of tomorrow's security threats. In our latest DevSource video, author Mark Burnett helps you set the fundamentals correctly.
|
Episode 5: A Constitution for Software Security
>> See all videos in this series
|
|
Every developer struggles with the need to add better application security. Yet, even if you're familiar with the techniques — the topic was rarely part of a computer science college curriculum — budget and deadline pressures are a constant problem. If security features are the last element added to the application, it's apt to be one of the first to go when time gets tight.
In our latest DevSource video, author and consultant Mark Burnett tackles the real-world questions. Burnett, who specializes in Windows security, is the author of Hacking the Code: ASP.NET Web Application Security, co-author of Stealing The Network: How to Own the Box, and co-author of Maximum Windows 2000 Security. He shares advice for developers who want to ensure their code isn't the weak link in the chain, addressing such issues as password practices (includng what's wrong with the "secret question" most sites use), Microsoft's choices of security over usability, and the impact of government regulations on the disclosure of corporate security breaches.
Burnett suggests a software security consitition to set the acceptable rules for application development. And he talks about what's changing in the hacking community (it's not the skills, he says, but who is doing it and what motivates them). It's fascinating stuff, even if security topics don't usually attract your attention.
"We're writing the code today for tomorrow's security threats," Burnett warns.
To watch the video in Windows Media Player, click here.
Watch all the videos in the Great Minds in Development series!
Tell us what you think of the video (and the series!) in the DevSource Forum.
Techniques 
