אליק לוין

The world of a Microsoft consultant

May 2006 - Posts

Sit back, watch the video, learn how to hack...and protect

Well, I can surely say that you are my hero - yes, you are! You made it through all of this. It's been a long way. You've done security awareness training; you went through security architecture and design inspections plus threat modeling just to make sure that the design is bulletproof. Then you wrote some code and did code inspections to make sure no security flaw, such as missing input validation or dynamic SQL, was introduced into the code. Then you deployed the app and inspected that the deployment is 100% secure. But something still bothers you: "Am I good to go live with the app?"
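The dynamic SQL flaw mentioned above is exactly the kind of thing the last check, a pen test, goes after. What follows is an added example, not code from this post, from the training modules or from the TechEd session: a constructed in-memory SQLite "bank" table (the users, passwords and balances are made up for the demo), a login that builds its query by string formatting, the two classic injection payloads that bypass it, and the parameterized and whitelist-validated versions that stop them. Python and sqlite3 are used so it runs stand-alone; the same pattern applies to ADO.NET SqlCommand parameters.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory login table.
    Passwords are stored in clear text only to keep the demo short;
    a real application stores salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", 1200), ("bob", "hunter2", 75)],
    )
    return conn


def login_dynamic_sql(conn, username, password):
    """VULNERABLE: the query is assembled from user input (dynamic SQL).
    Whatever the user types becomes part of the SQL statement."""
    sql = (
        "SELECT username, balance FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """FIXED: the driver binds the values; input is treated as data,
    never as SQL, so quotes and comment markers cannot change the query."""
    sql = "SELECT username, balance FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Assumed whitelist for the demo: account names are short alphanumerics.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def is_valid_username(username):
    """Input validation: accept only what a username is allowed to look like."""
    return USERNAME_RE.match(username) is not None


def login_validated(conn, username, password):
    """Defense in depth: reject malformed input up front, then use the
    parameterized query for what passes."""
    if not is_valid_username(username):
        raise ValueError("invalid username")
    return login_parameterized(conn, username, password)


def demo():
    """Run the two classic payloads against both versions and return the rows."""
    conn = make_db()
    # Payload 1: comment out the password check and log in as a chosen user.
    bypass_user = "alice' --"
    # Payload 2: make the WHERE clause true for every row.
    tautology = "' OR '1'='1"
    return {
        "legit_dynamic": login_dynamic_sql(conn, "alice", "s3cret"),
        "bypass_dynamic": login_dynamic_sql(conn, bypass_user, "wrong"),
        "dump_dynamic": login_dynamic_sql(conn, tautology, tautology),
        "bypass_param": login_parameterized(conn, bypass_user, "wrong"),
        "dump_param": login_parameterized(conn, tautology, tautology),
        "legit_param": login_parameterized(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print("%-15s %s" % (name, rows))
```

The dynamic version logs the attacker in as alice with a wrong password and dumps every account with the tautology payload; the parameterized version returns nothing for both and still works for the real credentials. The whitelist check is a second layer, not a replacement for parameters: a username such as `O'Brien` would be legitimate in other applications, and parameters handle it correctly without any filtering.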

It is time for the last check: penetration (pen) testing. It is best that a third party, an expert in the area, does the job, but you can start doing it yourself: learn how to hack, and you will understand how to protect your app.

These have been out there for some time: short videos explaining the vulnerabilities that developers introduce into apps, the ways to exploit them, and the ways to protect against them.

I love it very much - add to this that these were made by a world-class security expert, Keith Brown. So, sit back, watch the videos, learn how to hack and protect:

http://channel9.msdn.com/wiki/default.aspx/SecurityWiki.InputValidationTrainingModules

On the last day of TechEd we'll give the coolest session ever, "Bank Hacking Live! - Threats and countermeasures in action", delivered by Ofer Maor, CTO of Hacktics. Although the PPT is heavy, it is only for your follow-up; the session is all demo.

Check out the abstract here:

http://www.microsoft.com/israel/teched/tracks/security.aspx

Bank Hacking Live! - Threats & Countermeasures In Action

Application security has recently become a hot topic in the information security community. Terms such as SQL Injection, URL Tampering, Cookie Poisoning, Session Hijacking and others are used by consultants, vendors and the technical media. But how well do we understand these threats and how to mitigate them? In this session we will perform a live demonstration of application hacking techniques executed against Hacktics' demo online banking application. We will look at common web application attacks, explain the flaws which cause them, and demonstrate actual exploits used by hackers in the real world. Finally, we will explain how each such attack could have been mitigated by utilizing secure coding practices.


See you there