
Write Better Code

By Steve Jones

It sounds simple. We can improve security, and reduce the need for more security IT people by writing better code. That's certainly true, and it's one of the things that I preach about often. Developers should learn about secure coding and better practices for writing code that doesn't contain vulnerabilities. There are patterns and practices that can dramatically reduce SQL Injection problems and produce code that is more secure.

We know that secure coding is an issue in our industry. Various companies are trying to write better code, including Microsoft. They have done a fantastic job reducing vulnerabilities in SQL Server over the last few versions, and there is a whole section on writing secure code on MSDN to help you get better. All developers working with .NET need to review the secure coding practices from Microsoft and implement them in any code they write or refactor.

However, it takes more than developers to ensure that good code is being written. Managers need to allow more time for code to be written as developers learn to implement the patterns and frameworks that result in secure code. Management needs to make it a priority for developers to continually learn about new secure coding techniques, and allow for security testing of code.

We are building more and more applications all the time, often at frantic paces. It doesn't usually take more time to write good code than to write poor code, but you have to know how to write that code better. As developers improve their skills and incorporate secure coding techniques, their productivity will be lessened, and without management support, I worry we will continue to deploy applications with the same vulnerabilities that have existed for years.

Advocate for secure code to management, pass along headlines that show the problems associated with insecure coding, and even request penetration tests. We can make a difference in the industry with patience and persistence over time.

Steve Jones
Editor, SQLServerCentral.com
