Security Folks .Net certs
Bl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
Would it be normal for someone who is supporting a web server to be certified on .net? (specifically 4.0)
Comments
-
JDMurray Admin Posts: 13,101 Admin
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
I will be the admin but I will also help out with development, mainly making sure we are doing things according to best practices. -
JDMurray Admin Posts: 13,101 AdminBl8ckr0uter wrote: »I will be the admin but I will also help out with development, mainly making sure we are doing things according to best practices.
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□You need to get with the people/organization that's defining the best practices that you will be following and ask what they recommend. If you are not an actual programmer then the ASP.NET developer certs are not for you.
That's my point, the developers aren't developing with security in mind and my boss has said, figure out what they need to do (not do it per se) so our new sites can be as secure as possible. Layer 7 on down. I was just wondering how much those certs cover security. I have the ASP.Net 4 book from wrox and it has a few chapters dedicated to security. -
JDMurray Admin Posts: 13,101 AdminBl8ckr0uter wrote: »That's my point, the developers aren't developing with security in mind and my boss has said, figure out what they need to do (not do it per se) so our new sites can be as secure as possible. Layer 7 on down. I was just wondering how much those certs cover security. I have the ASP.Net 4 book from wrox and it has a few chapters dedicated to security.
If you have a code base that's critical to the operations of your business, you might look into a professional assessment from a company like Citigal. -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□There are no .NET certs specifically for security. You'd be lucky to find that just one of the exams covered only security. Software security starts in the design of the program, not in the coding (implementation). Entire software engineering degrees are based on the concept of software systems security, so I don't think one or two .NET certs will help much.
If you have a code base that's critical to the operations of your business, you might look into a professional assessment from a company like Citigal.
Ok maybe I am posing my question incorrectly. For a network admin of a small shop who happens to work for some web developers (also at this small shop) what would be some of security concerns when rolling some brand new asp.net applications from the development side. We wouldn't have money for a place like citigal to work on our code so all of this would need to be in house. -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□I think I answered my own question. I just got web applications hackers handbook and Web security testing and these seem to be the answer I needed. Thanks!
-
JDMurray Admin Posts: 13,101 AdminNote that Web sites must be tested both independently of the site's technology, and tested to find vulnerabilities specific to the technology used to implement the site. For example, a poor design of a site's authentication mechanism can exist in any implementation, while an exploit specific to a version of PHP can only used on sites that use PHP.
An excellent organization to follow for information on Web site and application security is the Open Web Application Security Project (OWASP). -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□Note that Web sites must be tested both independently of the site's technology, and tested to find vulnerabilities specific to the technology used to implement the site. For example, a poor design of a site's authentication mechanism can exist in any implementation, while an exploit specific to a version of PHP can only used on sites that use PHP.
An excellent organization to follow for information on Web site and application security is the Open Web Application Security Project (OWASP).
I am actually considering joining the local branch of OWASP. I plan on following this organization very closely.
This Web Application hackers book seems like it is going to be promising. I will have to have to pick up the database hackers book later. -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□Just to revisit this thread, I found these sites/books:
Security Tutorials: The Official Microsoft ASP.NET Site
ASP.NET Security: An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and IIS
Amazon.com: Beginning ASP.NET Security (Wrox Programmer to Programmer) (9780470743652): Barry Dorrans: Books
Amazon.com: Developing More-Secure Microsoft ASP.NET 2.0 Applications (Pro Developer) (9780735623316): Dominick Baier: Books