All too often when people are
demonstrating sample code, whether online or during a
presentation, they have a tendency to take the easy way out and use insecure
coding for their samples. I've been guilty of that in the past as well. All too
often, the audience may not be aware of the possible security breaches that
could occur if they simply copied and pasted our code. I know that Michael
Howard of "Writing Secure Code" fame is on a mission to eliminate insecure
sample code from both presentations and online samples. From a story that was
posted recently by Brian Johnson, it would appear that this awareness is very
much alive within MSDN as well. Excellent!
In short, when we give demos,
even though it may be easy or we may think that this is just sample code, we
should take the extra time to make sure that the sample code is as secure as possible.
We cannot judge the security awareness of the audience, so it is
better to demonstrate good Secure Coding practices in every piece of code that
we show.
9:54:39 AM
Take a look at the security challenges of Web services and how to address
them with security architecture, including what it can offer going forward when
XML traverses firewalls.
[FTPOnline]
Web Services at present are used to a great
extent within the Firewall for Application Integration. One of the challenges
that need to be addressed to move to a Service Oriented Architecture that spans
disparate systems across public networks is the issue of Security. A lot of
vendors, particularly Microsoft and IBM, are working on this to make this a
reality.
9:20:12 AM