Posts

Showing posts from March, 2009

Common mistakes by Interviewer

Nowadays I am conducting a few interviews for our organization. Sitting on the other side of the table, I've come to see why most interviews fail with me. When I conduct these interviews, most candidates attend confident that they are suitable for the mentioned role, and attend without preparation. When people do some real preparation, they tend to fail because the interviewer lacks awareness of interviewing techniques. Having failed in many interviews, I've learned that interviews fail because of the following...

Reflection (or) Mirroring: The interviewer tends to see self within the candidate. The interviewer starts to compare self with the candidate and evaluate. This evaluation is totally personal. The yardstick for measuring the candidature is not generalized, but influenced.

Template (or) Checklist: The interviewer has a template of a questionnaire. The interviewer measures the candidate with respect to the list of st

Security & Silverlight

Yes, I am talking about security in Silverlight applications. Most developers think that security is not a feature of the application, and they claim that it is the responsibility of the framework on which they are developing, be it .NET, Java or any other. Thus, they don't even consider why security should be at the core of any application and why it should be given prime attention. Microsoft has an initiative for security within any software development life cycle. This initiative is known as the SDL, the Security Development Lifecycle. Their definition of SDL is neatly designed as displayed. They have also released a security guidance document for writing and deploying Silverlight applications. The document can be downloaded from this link. The TOC is something like this:

Threat Modeling and the Security Development Lifecycle
Background of Web Security
Same-Origin Policy
Cross-Site Scripting Attacks
Cross-Site Request Forgeries (CSRF)
A CSRF Mitigation: Nonces