Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: .Net and security

from [Damhuis Anton] Network Security [Permanent Link]
Subject: RE: .Net and security
Date: Thu, 25 Nov 2004 07:51:20 +0200 

Hi Michael

I have had the same, problem, and usually it the person that has done his MCSD.

I believe, that one should understand the reason behind the best practice, and 
implement if appropriate. If one is not open to alternatives, how is one going 
to improve oneself.

There are a few things I can not be negotiated on, but anybody can ask me for 
the reasons.

I worked on Site Server (V3) a long time ago. We had an audit done on the 
system, and the results were very poor. The customer lost a lot of confidence 
in us. We only later found out about this and when we explained why certain 
thing were done certain ways all was ok again.

Most of the reasons were that it was passed (on the customer's request) on Site 
Server, and a framework store supplied by MS. Since we had to work within this 
framework, we had to do it a certain way.

But an answer that "MS said it is a good practice" does not fly with me. If 
someone can not tell me WHY it is a good practice, I do not believe them.

Regards
  Anton


-----Original Message-----
From: Michael Silk [mailto:michaels@phg.com.au]
Sent: 25 November 2004 12:29
To: Damhuis Anton; secprog@securityfocus.com
Subject: RE: .Net and security


Hi,

        That is not the way it is here ... My co-worker is consistently
telling me "but Microsoft does it this way ..." and refuses to discuss
alternatives. The problem being the environment in MS is totally
different from our own so most of the development strategies are not
appropriate.

-- Michael

Confidentiality Warning
=======================

The contents of this e-mail and any accompanying documentation
are confidential and any use thereof, in what ever form, by anyone
other than the addressee is strictly prohibited.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Is this list still active?, David LeBlanc
Next by Date:  RE: Java Inner Classes Insecure?, Michael Silk
Previous by Thread:  RE: .Net and security, Michael Silk
Next by Thread:  Java Inner Classes Insecure?, Craig E. Ward
Indexes:  [Date] [Thread] [Top] [All Lists]