Share via

Security Guidance for Hobbyist Developers

If you're new to programming and to security then this is the place to start. On this page we list the most important information that hobbyists, students, and new developers need to understand when setting up a computer for development use.

Articles

  • How To: Secure Your Developer Workstation
    This How To helps you improve your development workstation security. Developers often have computers running software such as IIS, Microsoft SQL Server, or the Microsoft SQL Server Desktop Engine (MSDE.) For example, Microsoft Visual Studio® .NET is designed for local development with IIS, so it is common for a developer to run IIS locally. As a developer, you need to be able to secure these services against attack, even if your computer is in a protected local area network.
  • Develop Software with Non-Administrative Privileges
    Develop software in Visual Studio .NET with non-administrative privileges to ensure a more secure environment that limits the damage done by viruses and security breaches.
  • Security Tips: Defend Your Code with Top Ten Security Tips Every Developer Must Know -- MSDN Magazine, September 2002
    What are some of the really important issues, the biggest mistakes you should watch out for right now so that you don't compromise your data or your system? Security experts Michael Howard and Keith Brown present 10 tips to keep you out of hot water.
  • An Overview of Security in the .NET Framework
    The fundamental features in the Microsoft .NET Framework security system are profiled, including the ability to confine code to run in tightly constrained, administrator-defined security contexts for a dynamic download and execution, and remote execution, model.
  • How To Use MBSA
    This module will show you how to scan your computer to determine missing security updates and to check for insecure default configuration settings.
  • Securing Your SQL Server 2005 Express Server
    Discover what makes SQL Server Express easier to use and protect, and more secure and stable than your existing JET applications.
  • Introducing the NET Framework Security System: Code Access Security
    Introducing a .NET Framework security system called Code Access Security (CAS), Code Access Security (CAS), which helps centralize trust decisions and introduces the notion of partially trusted code that can be run with reduced permissions.

Checklists

Tools

  • Microsoft Windows Update
    Get the latest updates available for your computer's operating system, software, and hardware. Windows Update scans your computer and provides you with a selection of updates tailored just for you.
  • Microsoft Baseline Security Analyzer
    As part of Microsoft's Strategic Technology Protection Program, and in response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA).