Friday, June 13, 2003

[MSDN]: Improving Web Application Security: Threats and Countermeasures Roadmap This guide gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. Whether you have existing applications or are building new ones, you can apply the guidance to help you make sure that your Web applications are hack-resilient. Stating the obvious, Patterns & Practices section of MSDN consistently delivers some of the most solid content of entire MSDN site.          Chris tells us about of Longhorn API review and in the process, lists some generally useful design guidelines that can benefit any .NET development team. It seems that API review is not a peer code review because it is done not by people involved in actual coding of a component. It’s not a design review because the team focuses on interfaces as oppose to their internal implementation.   Here’s my takeaway:   The team building the API had answers a standard questionnaire from the review team, which includes: - target users - potential security problems - representative sample code that users would be expected to construct.   Specific advice from reviewers: - use best practice coding conventions in sample code - support IDisposable at a macro level instead of a micro level - expose collections from properties returning IEnumerable (not from the parent object itself) - prefer properties over Get/Set methods (as appropriate) - don't tack the name of the enumeration type onto the enumeration values themselves - prefer overloads to parameters that can be null - prefer typed parameters to object parameters Points above seem to be aligned with these guidelines.       My team is growing and has several open positions we’re looking to fill in the near future. All positions are in Montreal. If you’re interested, please contact me. If you happen to know people would be a good fit, I would appreciate if you forward the info.   I know, those job descriptions are written in a language that way too official for this space. If I were to re-write them in weblog-style they would say that we’re looking for smart experienced folks passionate about developing great enterprise software.       Senior QA Engineer   Do you want to help define the way top businesses manage their privacy policies? Our Enterprise Product Unit team has established a product: Enterprise Privacy Manager (EPM) as a leading privacy management tool.  The team is currently designing and developing the next generation of this product.   We are looking for a talented and experienced QA Engineer with a thorough understanding of testing methodologies for enterprise applications and systems. You will work closely with managers and developers on specification and design. You will design and maintain the software test plans and release processes for the entire EPM team. You will develop detailed test cases and drive the high quality of the product from requirements analysis up to final release.   This position requires 4 or more years of commercial development experience including experience with at least one full software product cycle in QA role. The successful candidate must be passionate about customer satisfaction. Ability to handle multiple ongoing projects is a must.  Qualifications also include excellent communication skills, thorough knowledge of development and release processes, strong problem solving and analysis skills.   Experience in testing of Distributed Systems, COM+, .NET, C#, ADO.NET, XML and ASP.NET is an asset.   This is a 1 year contract position with strong potential for permanent employment.     Software Design Engineer   Do you want to help define the way top businesses manage their privacy policies? Our Enterprise Product Unit team has established a product: Enterprise Privacy Manager (EPM) as a leading privacy management tool.  The team is currently designing and developing the next generation of this product.   We are looking for a talented and highly motivated developer to own and drive the design and implementation of the EPM database, and data access components using .NET tools and technologies. You will be a member of a small, dynamic team and will be expected to work with third party's and the client's development teams in order to ship high quality software.   This position requires 4 or more years of commercial development experience; deep understanding of the design of database-centric systems and principles of mapping object-oriented and relational data models as well as demonstrated proficiency in developing SQL database applications. The candidate will possess strong problem solving and communication skills and ability to ship great software on time.   Preferably, the candidate will have a Computer Science degree and 2+ of experience working with Win32, C++, ODBC, ADO and COM technologies. Experience in the design of Distributed Systems, COM+, .NET, C#, ADO.NET, XML and ASP.NET is an asset.   This is a 1 year contract position with strong potential for permanent employment.     Software Design Engineer - Test   Do you want to work with cool technologies like .NET, XML and next generation enterprise applications? Do you want to help define the way top businesses manage their privacy policies? Our Enterprise Product Unit team has established a product: Enterprise Privacy Manager (EPM) as a leading privacy management tool.  The team is currently designing and developing the next generation of this product.   We are looking for a talented Software Design Engineer in Test with a thorough understanding of testing methodologies for multi-tier applications as well as experience in debugging Web and Windows applications. You will work closely with managers and developers on specification and design reviews of the new technology. You will design and maintain the software development environment for the entire EPM team. You will develop test plans to assure the high quality of the product.   The successful candidate must be passionate about customer satisfaction. Primary responsibilities include designing and implementing test plans and test cases, participating in the design and implementation of automation framework for API and end-to-end testing, tracking and analyzing bugs. Ability to handle multiple ongoing projects is a must.  Qualifications include excellent communication skills, thorough knowledge of development and release processes, strong problem solving and debugging skills, minimum 3 years testing and coding experience required. Proficiency with C++, C# and/or scripting language is required. Knowledge of .NET, XML, CVS is preferred.   This is a 1 year contract position with strong potential for permanent employment.        My team is growing and has several open positions we’re looking to fill in the near future. All positions are in Montreal. If you’re interested, please contact me. If you happen to know people would be a good fit, I would appreciate if you forward the info.   I know, those job descriptions are written in a language that way too official for this space. If I were to re-write those postings weblog-style they would say that we’re looking for smart experienced folks passionate about developing great enterprise software.       Senior QA Engineer   Do you want to help define the way top businesses manage their privacy policies? Our Enterprise Product Unit team has established a product: Enterprise Privacy Manager (EPM) as a leading privacy management tool.  The team is currently designing and developing the next generation of this product.   We are looking for a talented and experienced QA Engineer with a thorough understanding of testing methodologies for enterprise applications and systems. You will work closely with managers and developers on specification and design. You will design and maintain the software test plans and release processes for the entire EPM team. You will develop detailed test cases and drive the high quality of the product from requirements analysis up to final release.   This position requires 4 or more years of commercial development experience including experience with at least one full software product cycle in QA role. The successful candidate must be passionate about customer satisfaction. Ability to handle multiple ongoing projects is a must.  Qualifications also include excellent communication skills, thorough knowledge of development and release processes, strong problem solving and analysis skills.   Experience in testing of Distributed Systems, COM+, .NET, C#, ADO.NET, XML and ASP.NET is an asset.   This is a 1 year contract position with strong potential for permanent employment.     Software Design Engineer   Do you want to help define the way top businesses manage their privacy policies? Our Enterprise Product Unit team has established a product: Enterprise Privacy Manager (EPM) as a leading privacy management tool.  The team is currently designing and developing the next generation of this product.   We are looking for a talented and highly motivated developer to own and drive the design and implementation of the EPM database, and data access components using .NET tools and technologies. You will be a member of a small, dynamic team and will be expected to work with third party's and the client's development teams in order to ship high quality software.   This position requires 4 or more years of commercial development experience; deep understanding of the design of database-centric systems and principles of mapping object-oriented and relational data models as well as demonstrated proficiency in developing SQL database applications. The candidate will possess strong problem solving and communication skills and ability to ship great software on time.   Preferably, the candidate will have a Computer Science degree and 2+ of experience working with Win32, C++, ODBC, ADO and COM technologies. Experience in the design of Distributed Systems, COM+, .NET, C#, ADO.NET, XML and ASP.NET is an asset.   This is a 1 year contract position with strong potential for permanent employment.     Software Design Engineer - Test   Do you want to work with cool technologies like .NET, XML and next generation enterprise applications? Do you want to help define the way top businesses manage their privacy policies? Our Enterprise Product Unit team has established a product: Enterprise Privacy Manager (EPM) as a leading privacy management tool.  The team is currently designing and developing the next generation of this product.   We are looking for a talented Software Design Engineer in Test with a thorough understanding of testing methodologies for multi-tier applications as well as experience in debugging Web and Windows applications. You will work closely with managers and developers on specification and design reviews of the new technology. You will design and maintain the software development environment for the entire EPM team. You will develop test plans to assure the high quality of the product.   The successful candidate must be passionate about customer satisfaction. Primary responsibilities include designing and implementing test plans and test cases, participating in the design and implementation of automation framework for API and end-to-end testing, tracking and analyzing bugs. Ability to handle multiple ongoing projects is a must.  Qualifications include excellent communication skills, thorough knowledge of development and release processes, strong problem solving and debugging skills, minimum 3 years testing and coding experience required. Proficiency with C++, C# and/or scripting language is required. Knowledge of .NET, XML, CVS is preferred.   This is a 1 year contract position with strong potential for permanent employment.

Site Statistics

© Copyright 2003 Alexis Smirnov. Last update: 7/9/2003; 1:59:27 PM.