Security Basics mailing list archives

RE: Development Environment Best Practices

From: "David" <david () clicksee net>
Date: Thu, 16 Jun 2005 09:40:08 +0700

I did config and release management for 4 years. When I was learning I
read a lot of Susan Dart but unfortunately the links I had for her are
now broken...

Try
http://www.cmtoday.com/

If you ever have to work with VSS- horrible tool that I'm embarrassed to
have worked with:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnvss/h
tml/vssauto.asp

One thing I will say about managing an environment with developers- Be
strict about getting them to report config changes such as new registry
entries and updates to drivers or software they implement. We used to
allow them full control on the dev machines to install or change
anything they wanted but we would also partially rebuild the machines
each morning by script including re-writing the registry and
reinstalling all web pages and dlls so it kept the dev environment clean
and gave the developers a good reason to report changes they were making
to us. If they didn't they would most likely go away by the next
morning.

Create a backup of everything you are going to replace and put anything
you're going to release to QA in a release folder and then you will know
for certain you are releasing the exact same thing to live.

Find a good resource on "DLL hell" and managing GUIDs. This is another
reason we compiled everything each morning to reinstall on the dev
machines. That way older dlls compiled against an older version of a
recently updated dll don't fail.

Good Luck!

-----Original Message-----
From: Joshua Berry [mailto:jberry () PENSON COM] 
Sent: Tuesday, June 14, 2005 9:52 PM
To: security-basics () securityfocus com
Subject: Development Environment Best Practices

Does anyone on this list have any resources for Development environment
best practices.  I am looking for something that explains the need to
separate the production, testing, and development environments.  I also
need something explaining correct processes for developing and
implementing code (such as: developers should not administer the
production servers they install code on, or developers should not have
full admin rights on all boxes, etc).

Any help would be greatly appreciated.  Thanks.

 
Josh Berry | CISSP GCIA 
Information Security
214-765-1296
 
-------------------------------------------------------------------- 
If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
     -- (Former) White House Cybersecurity adviser Richard Clarke

Current thread:

Development Environment Best Practices Joshua Berry (Jun 15)
- RE: Development Environment Best Practices David (Jun 16)