I was going through an interesting post on ACE team's blog. I was really impressed the way they have listed few rules to prevent bad guys to check into your application.It is very comprehensive and detailed.
The main rules they are talking are:
Rule no. 1:Implement a Secure Development Lifecycle in your organisation.
Rule no. 2:Implement a centralised input validation system (CIVS) in your organisation.
Rule no. 3:Implement input/output encoding for all externally supplied values.
Rule no. 4:Abandon Dynamic SQL- This is very contentious issue. The 'Abandon' word has generated a lot of comments supporting and opposing it on the blog.
Rule no. 5: Properly architect your applications for scalability and failover
Rule no. 6:Always check the configuration of your production servers.
For more details please go to: http://blogs.msdn.com/ace_team/archive/2009/12/16/simple-rules-to-stop-bad-guys.aspx
openxadvertising.com Mass Malvertising Campaign
15 hours ago