RDA Corporation

Blog

Solutions to Common WCF Serialization Problems

By Jon Lester on April 30th, 2013

If you aren't familiar with it already, Windows Communication Foundation (WCF) is a framework for building service-oriented applications. Using WCF, you can send data from one service endpoint to another, making use of a variety of contracts and transport protocols. The messages can be as simple as a single character or word sent as XML, or as complex as a stream of binary data. Service endpoints are commonly hosted using IIS, but can be hosted in other processes as well. WCF services are a ...

Agile Requirements Documentation Using Enterprise Architect

By Walt Rolle on April 9th, 2013

No matter which agile framework you’re using to manage a custom application development project, the strategy for documenting requirements is consistent: keep it simple and fluid. This approach takes advantage of agile's ability to quickly respond and adapt to changing customer requirements. The Enterprise Architect (EA) software by Sparx Systems contains some tools that may help your team reduce the overhead of capturing design details in a myriad of Word documents, Visio diagrams, and Power ...

Top 10 Application Security Design Principles, Part 2

By Pablo Gazmuri on March 19th, 2013

This post concludes our discussion of the Top 10 Secure Coding Principles for custom application development. (Please see this post for the first 5.) Understanding these principles and abiding by them will help ensure you are designing systems for security and writing the safest code possible.

6. Don’t Trust Services / Don’t Trust Infrastructure

External or 3rd party services are services that are not under your direct control. When designing a system to interact with these s...

Top 10 Application Security Design Principles, Part 1

By Pablo Gazmuri on March 12th, 2013

Following up on my previous blog post, today we'll be discussing the first five of 10 Secure Coding Principles for custom application development. Understanding these principles and abiding by them will help ensure you are designing systems for security and writing the safest code possible for custom applications.

1. Minimize Surface Attack Area

Whenever we add functionality to an application which can be triggered or interacted with in some way through network calls, we are increasing th...

Top 10 Web Application Security Challenges – Part 2

By Pablo Gazmuri on February 19th, 2013

In my last post, I discussed the first five of OWASP’s top 10 security challenges. In this post, I will describe the last five of these challenges. More advanced discussion of these and related topics will follow in the coming weeks.

6. Security Misconfiguration

A security misconfiguration refers to an inadequate system and/or application configuration that compromises security in some way. There are many different types of potential security misconfigurations, usually specif...
