[from msdn security development center]
Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users
Michael Howard
This article discusses:
Identifying and reducing attack surface
Reducing the amount of code executing by default
Reducing the volume of code accessible to untrusted users
Limiting damage if hackers do attack your code
ode fails. It's a sad fact of life. In the industry, we worry a lot about improving code quality. While code quality is exceptionally important, most code will eventually fail so we cannot focus exclusively on getting the code right. Imagine for a moment your code is perfect. It's only perfect by today's standards—a snapshot of best practices at the time it was developed. Yet the vulnerability research landscape is constantly evolving. Four years ago, integer overflow attacks were almost unheard of; now they are the attack de jour! Imagine broadening the scope to all the code you've ever delivered to customers.
Read the full article Here
No comments:
Post a Comment