You may have heard last week about makeITsecure day, an initiative that united the Irish government with a number of organizations, including Microsoft. As part of the campaign, we were out – on the streets, in the schools, and at a number of high-profile events – discussing issues like phishing, spyware, identity theft, child safety online, and other risks. Our mutual goals included raising awareness, offering useful tips, and giving people in the broader community a chance to ask the tough security questions they’ve always wanted to ask.
For those of us in the development community, we know that every day is makeITsecure day. We see security as part of process, not something bolted on, and certainly not something we can forget without dire consequences. We need to understand the issues at play on a much deeper level, plan ahead, and be vigilant.
These days, we have the good fortune of having exceptional tools to help us design and implement more secure systems. In Visual Studio Team System demos, I particularly like to focus on how the Team Architect system diagrams allow an architect to check for best practices and identify potential threats before a line of code is written, and long before anything is deployed into the data center. As another example, the static code analysis of Team Developer helps catch common gotchas at compile time – problems which may otherwise lead to vulnerabilities like a buffer overrun, or a SQL Injection Attack.
I’m currently reading about security implementations in the Windows Communications Framework. I was pleasantly surprised to see how you can integrate the ASP.NET 2.0 provider models into WCF authentication!
But I’m sure you all have your own personal focus for security interests. It’s worth taking a look at the subsection of the MSDN site that’s devoted to security: http://msdn.microsoft.com/security/ And here is an MSDN site devoted to security issues of particular interest to Irish developers: http://www.microsoft.com/ireland/security/