Re: Suggested Security and Performance Programming Classes

["K. K. Mookhey" <cto () nii co in>]

For the specific platforms that you have listed out, the following documents
would be most useful:

1. Threats and Countermeasures
http://msdn.microsoft.com/library/en-us/dnnetsec/html/threatcounter.asp

2. Building secure ASP.NET applications
http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp

3. SQL Security
www.sqlsecurity.com, of course.

For general secure programming, there are a number of good references:
Secure Programming Howto: www.dwheeler.com
Writing Secure Code, Michael Howard, MS Press
OWASP www.owasp.org

As for training, there are a number of companies that provide training on
secure programming, including ours. I guess you could find a listing on
www.networkintrusion.co.uk or Google for it.

Cheers,

K. K. Mookhey
Founder-CTO,
Network Intelligence (I) Pvt. Ltd.
Web: www.nii.co.in
Tel: +91-22-22001530/22006019
============================
Security Consulting Services
http://www.nii.co.in/services.html
============================

----- Original Message ----- 
> Over the past few months I have been using my knowledge gained
> throughout the securityfocus.com lists to heighten the awareness of how
serious
> web based application security vulnerabilities (SQL Injection, Cross
> Site Scripting etc..) can be.  In response to this awareness the CIO
> asked that I research to determine if there are any commercially available
> books and/or training classes that specialize in teaching these lessons
> to our development staff.  He has also asked if I could research to
> determine if there are any suggested training and/or books that are good
> for coding for performance.
>
>
>
> Development platform: C#, ASP.net, SQL server 2000.