You are here: silicon.com > Resources > White Papers > Software and Web Development > Software Development Tools > Programming Languages

MSDN Architecture Webcast: Using Security Code Reviews to Quickly and Effectively Improve the Security of Your Applications (Level 200)

Tags:
programming languages

Overview Security code reviews can play a critical role in improving the quality of an application. However, performing such reviews is not an easy task. This webcast begins with a discussion of who should perform the security code review and how the process should be managed, especially when dealing with millions of lines of code. It defines the major categories of vulnerabilities, show what to look out for, and describe how to go about identifying issues using threat modeling. The difference between flaws and bugs is explained, and potential countermeasures are discussed at both tactical and technology-specific levels. It also provides a brief overview of the automated tools available to help with code reviews.

Further White Paper Details
Publisher	Microsoft
Live Date	24th May 2006 00:00 BST
Format	Webcast
Topics	Programming Languages, Security Management, Application Development

Did you find this white paper useful? 2 out of 3 users found this white paper useful

Configuring Team System for Your Environment

Publisher:
Microsoft

MSDN Webcast: Look What You Can Do With Silverlight 2 (Part 3 of 6): Introducing Deep Zoom (Level 200)

Publisher:
Microsoft

MSDN Webcast: Programming a Full-Blown AJAX Enterprise Application in 20 Minutes (Level 100)

Publisher:
Microsoft

MSDN Webcast: ADO.NET Data Services Overview (Part 1 of 2) (Level 100)

Publisher:
Microsoft

MSDN Webcast: geekSpeak: T-SQL Tips and Tricks in SQL Server 2008 With Andrew Karcher (Level 200)

Publisher:
Microsoft

The Ovum View: The wireless LAN security nightmare

The WEP algorithm has some serious and fundamental flaws that were not realised at the time. Although RC4 is used successfully elsewhere, the implementation decisions made in WEP exposed its inherent vulnerabilities.

Channel:
Comment & Analysis

Consultancies must change to keep-up with web services

Consultants also play an important role in marrying the underlying integration technology with knowledge of the specific business processes that need to be automated. But the ZapThink report suggests that as the improved integration of web services...

Open source bugs threaten digital signatures

The flaws lie in the open-source GNU Privacy Guard software, also known as GnuPG and GPG, the GnuPG group said in two alerts. For example, a miscreant could add information to a security alert sent via email or forge the digital signature on...

Mac OS X gets security fix

Apple on Tuesday released an update for its Mac OS X that repairs several security flaws and includes feature updates. The security flaws lie in various components of Mac OS X, Symantec said. Apple late on Tuesday on its security website said the...

Public sector lacks data-security sense

There is also a lack of awareness of technical countermeasures, system infrastructure, threats and vulnerabilities, how to improve skills and competencies, and how to perform risk analyses, according to the CSIA member.

Broadband summit: Speed is the key

Timms added the debate had been "a constructive and open discussion which anticipated the demand for reliably faster and more symmetrical broadband". Discussion is certainly underway on the future of broadband Britain, said ISPA's spokesman...

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.