Showing posts from December, 2009

Six Simple rules to make your application hard to hack

I was going through an interesting post on the ACE team's blog. I was really impressed by the way they have listed a few rules to prevent the bad guys from breaking into your application. It is very comprehensive and detailed. The main rules they talk about are:

Rule no. 1: Implement a Secure Development Lifecycle in your organisation.
Rule no. 2: Implement a centralised input validation system (CIVS) in your organisation.
Rule no. 3: Implement input/output encoding for all externally supplied values.
Rule no. 4: Abandon dynamic SQL. This is a very contentious issue; the word 'Abandon' has generated a lot of comments on the blog, both supporting and opposing it.
Rule no. 5: Properly architect your applications for scalability and failover.
Rule no. 6: Always check the configuration of your production servers.

For more details please go to: http://blogs.msdn.com/ace_team/archive/2009/12/16/simple-rules-to-stop-bad-guys.aspx
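Rules 2, 3 and 4 are the ones a developer can act on in code today, so here is a small worked example of all three side by side. It is added here by the editor and is not code from this post or from the ACE team; it assumes Python with the standard sqlite3 and html modules, a constructed in-memory users table, and a single allow-listed input kind ("username") so that the central validator, the dynamic-SQL 'before', the parameterized 'after' and the output encoder can all be exercised on the same request.

```python
import html
import re
import sqlite3


# Constructed sample data: a throwaway in-memory table standing in for the
# application's real user store (assumption for this example only).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


# Rule 2: one central validation entry point (a toy CIVS). Every externally
# supplied value is checked here against an allow-list for its declared kind;
# callers never hand-roll their own checks.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


class ValidationError(ValueError):
    pass


def validate(kind, value):
    if kind == "username":
        if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
            raise ValidationError(f"invalid username: {value!r}")
        return value
    raise ValidationError(f"unknown input kind: {kind!r}")


# Rule 4, the 'before': dynamic SQL built by string concatenation. The user's
# text becomes part of the SQL grammar, so a quote in the input changes the query.
def find_user_dynamic(conn, username):
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


# Rule 4, the 'after': a parameterized query. The input is bound as data and can
# never alter the statement's structure, whatever characters it contains.
def find_user_parameterized(conn, username):
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Rule 3: encode on output for the context the value lands in (HTML here), even
# for values that came from the database rather than straight from the request.
def render_user_row(username, role):
    return f"<tr><td>{html.escape(username)}</td><td>{html.escape(role)}</td></tr>"


# The three rules composed into one request handler: validate at the boundary,
# query with bound parameters, encode on the way out. Returns the rendered rows,
# or None when the central validator rejects the input.
def handle_lookup(conn, raw_username):
    try:
        username = validate("username", raw_username)
    except ValidationError:
        return None
    rows = find_user_parameterized(conn, username)
    return "".join(render_user_row(u, r) for u, r in rows)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # constructed injection string
    print("dynamic SQL rows:      ", len(find_user_dynamic(db, payload)))       # every user
    print("parameterized rows:    ", len(find_user_parameterized(db, payload)))  # none
    print("through the CIVS:      ", handle_lookup(db, payload))                 # rejected
    print("legitimate lookup:     ", handle_lookup(db, "alice"))
```

The point of the dynamic-versus-parameterized pair is that the 'before' leaks all three rows for the quoted payload while the 'after' returns none for the very same input; the central validator then stops that payload before it ever reaches a query, and the output encoder protects the page even if a stored value itself contains markup.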