I am assuming you have seen what I think is one of the best guides to building secure web apps out there?
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/ThreatCounter.asp
If you haven't, take a look. It's .NET focused but there is a lot of very good big picture stuff such as threat modeling and design that is relevant to any technology.
Cheers
Mark
---- Curt Purdy <purdy_at_tecman.com> wrote:
> > I am aware of the different guidelines that have been issued
> > by Microsoft
> > and @stake has performed an independent evaluation of the
> > .NET Framework
>
> I don't know how you can call the @stake evaluation "independent" when they
> have been bought and paid for by Microsoft to the point that they fired their
> CTO after he wrote a truly independent paper, "Cyberinsecurity: The Cost of
> Monopoly".
>
> Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
> Information Security Engineer
> DP Solutions
>
> ----------------------------------------
>
> If you spend more on coffee than on IT security, you will be hacked.
> What's more, you deserve to be hacked.
> -- White House cybersecurity adviser Richard Clarke
>
>
>
Received on Oct 09 2003