Testing in the Real World


In January 2002, Bill Gates sent mail to all employees at Microsoft announcing the Microsoft Trustworthy Computing initiative. Companywide security training was conducted shortly thereafter. The Visual Basic .NET team, including the test, development, user-education (documentation), program-management, and localization teams, along with the rest of the Visual Studio .NET and .NET Framework teams, set several weeks aside to conduct an extensive threat analysis, design, and code review. As presented in this chapter, the Visual Basic .NET test team, in conjunction with the development team, first assessed all possible inroads for attack by creating a blueprint of Visual Basic .NET and then creating a list of scenarios that enumerated various security vulnerabilities. The scenarios were ranked on a scale similar to the scale presented earlier in this chapter. Bugs were entered for each scenario, with the priority of the bug set to match the priority of the scenario. The bugs were reviewed, and if vulnerabilities were discovered, appropriate measures were taken to mitigate the threats.

As part of the Microsoft Trustworthy Computing initiative, the Microsoft Visual Basic .NET test team plays a key role in helping to find security issues through focused ad-hoc testing and the use of various tools similar to those presented earlier as being used by hackers. The test team responds to a security issue by entering new bugs and by creating automated unit tests to ensure the issue will be caught immediately if the issue were ever to raise its ugly head again.

The Microsoft Visual Basic .NET development team’s involvement in the testing process includes helping create various blueprints of the application, reviewing the test team’s test plans, reviewing code for security issues, fixing security-related bugs, and writing self-testing DEBUG code to catch certain security issues immediately.

The ongoing, security-focused effort of the test, development, user-education, and other teams at Microsoft involved in the testing process is never finished. The ever-expanding and ever-changing environment where Visual Basic .NET applications run requires ongoing vigilance to identify and mitigate security threats. The focused effort of the teams at Microsoft to improve the security of Visual Basic .NET is no guarantee that Visual Basic .NET will be 100 percent secure, but this effort certainly increases the likelihood that Visual Basic .NET, and in turn your code, will become more secure with each new release.




Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168
