Step 1: Believe You Will Be Attacked

The first step is all about taking security seriously. Everyone from the development team, to the management team, to the project sponsor must share the belief that the system will someday be attacked and for this reason it needs an investment in security. Without this belief, you won’t get the buy-in to use project resources on security features.

What systems are in danger of attack? The answer is every system. Web sites of large companies and government departments are obvious targets because many hackers would love to boast, "I defaced the Microsoft homepage" or "I broke into the FBI." In fact, any computer simply connected to the Internet is in danger of attack—for example, when a virus like the SQL Slammer ...

Get Security for Microsoft® Visual Basic® .NET now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.