Top 10 Strategies to Secure Your Code
Since Michael Howard moved from Redmond to Austin, I've had the privilege to see him present several times now. This is the guy who literally wrote the book on writing secure code and the secure development lifecycle. He is a fantastic speaker and I'd highly recommend checking him out if you every get the opportunity. Yesterday, I heard that he was speaking on securing your code at the San Antonio OWASP meeting so I decided it was worth making the drive down to see his presentation. So, I give to you Michael Howard's Top 10 Strategies to Secure Your Code straight out of one of his Microsoft TechNet presentations.
Michael began by giving us the definition of a secure system. He said "A secure system does what it's supposed to do and no more." It's such a simple concept, but in practice such a hard thing to achieve. Here are his suggestions on how to accomplish that: