Developing with Least Privilege
At the Security Summit in Melbourne, I asked the same question I have everywhere else "Who amongst you are not logged on as a local admin when developing apps?". As usual, only 1 or 2 raised their hands. One of those who did was Ryan D'souza, who followed up with this great email:
The book I was talking about is "The .NET Developers Guide to Windows Security by Keith Brown" (ISBN:0-321-22835-9).
I found this book really helpful as it gave an in-depth review of the security features available in the .net framework, its short coming and finally how to bridge the gap with unmanaged c++ code (only where required). The other aspect of the book gave an overview of the inner working of AD in a domain and in detail in regards to user permission roll-outs and their impact.
I know this probably sounds like a sales pitch but I was quite pleased with the contents of the book and would definitely recommend it to any .net developer.
Thanks Ryan - great info