Thursday, May 19, 2005

Oracle support for .NET

Though I am not an avid Oracle user, it is good to see how different products continue to leverage .NET capabilities and resources.

Oracle has announced a new set of development tools called Oracle developer tools for .NET to .NET enthusiasts who wanted to utilize Oracle database.

Oracle developer tools for .NET come with a set of development tools - the tools that are tightly integrated with Visual Studio .NET 2002 or Visual Studio .NET 2003. The developer tools combine the rich UI of Visual Studio .NET and allow to interact with Oracle database. Oracle Explorer (an explorer of Oracle Database), wizards and designer(for creating Oracle .NET applications) , Automatic Code generation (Pull in the data from Stored Proc, and code is automatically generated !!!) and .NET stored procedure deployment are some of the tools available at oracle developer tools for .NET.

ODP.NET or Oracle Data Provider for .NET is a rich data base programming interface. Moreover, it is derived from ADO.NET specification, and thus, has inbuilt all features that ADO.NET supports. While all can be the same, interesting point here is that, ODP.NET supports multiple "resultsets" for a single command object. ODP.NET has also some of the performance tuning options available for Oracle. Above all, ODP.NET comes with full support to Oracle 10g database.

ODP.NET is available for free download. Any prizes for that?


Tuesday, May 17, 2005

Threat Modeling Guide resource at Microsoft

Microsoft has an excellent resource for Threat Modeling here. This guide intends to speak on Threat Modeling and covers steps to create Threat Models.

For those new, let me brief about Threat Modeling: Threat Modeling is technique that encompass around security right from the Design phase. Applications should be secure by design, as well as secure by coding. Threat models when fully constructed can be seen as "attack patterns". It would enable all - architects to app coders, to successfully absorb threats, vulnerabilities and attacks.

Threat modeling revolves around three key stages:
1. Collecting background information for the application
2. Modeling the system : Typically in this stage you would draw boundaries around the app you develop and start seeing application from attackers prespective.
3. Determine threats : Once you have modeled the system, you determine the threats and develop some severity for each threat detected. This severity would be qualitative as well as quantitative. Quantitative in the sense, you apply STRIDE for the threats determined, and Qualitative in the sense you apply DREAD ranking. And finally you get the severity count for each threat determined. Higher the severity, higher is the app risk prone. And you could solve the problem, before it actually begins !!!