
Write Better Code

By Steve Jones

It sounds simple. We can improve security, and reduce the need for more security IT people by writing better code. That's certainly true, and it's one of the things that I preach about often. Developers should learn about secure coding and better practices for writing code that doesn't contain vulnerabilities. There are patterns and practices that can dramatically reduce SQL Injection problems and produce code that is more secure.

We know that secure coding is an issue in our industry. Various companies are trying to write better code, including Microsoft. They have done a fantastic job reducing vulnerabilities in SQL Server over the last few versions, and there is a whole section on writing secure code on MSDN to help you get better. All developers working with .NET need to review the secure coding practices from Microsoft and implement them in any code they write or refactor.

However, it takes more than developers to ensure that good code is being written. Managers need to allow more time for code to be written as developers learn to implement the patterns and frameworks that result in secure code. Management needs to make it a priority for developers to continually learn about new secure coding techniques, and allow for security testing of code.

We are building more and more applications all the time, often at a frantic pace. It doesn't usually take more time to write good code than to write poor code, but you have to know how to write that code better. As developers improve their skills and incorporate secure coding techniques, their productivity will be lessened, and without management support, I worry we will continue to deploy applications with the same vulnerabilities that have existed for years.

Advocate for secure code to management, pass along headlines that show the problems associated with insecure coding, and even request penetration tests. We can make a difference in the industry with patience and persistence over time.
