Spreadsheet QualitySpreadsheet Design Concepts Series
Security
- Is everybody's concern
- Spreadsheets can be used as a staging board for privilege escalation (with your login details!)
- Consider SD3 +C
- Secure by
- Design
- Default
- Deployment
- Communication
- Threat Modeling- Assets, Threats
- Threat Types - STRIDE
- (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
- Threats - rate with DREAD
- (Damage potential, Reproducibility, Exploitability, Affected Users, Discoverability)
- Spreadsheets (all flavours) are fairly insecure
- Compiled UDFs (.net, COM, XLL) and Database servers can help
- Set macro security to high and use code signing certificates.
- See Microsoft MOC 2840A - Implementing security for more info.
|
| |
|
|
Products for sale:
AltFileSearch
New information about the missing FileSearch feature in Office 2007 and details of our pragmatic solution (Current price GBP 25.00 + Vat)
wsUnprotector
Instant Excel worksheet protection remover and password recovery (Current price GBP 15.00 + Vat)
Classic Ribbon Tab
Add Excel 97/2000/2002/2003 compatible menu structure to Excel 2007
(Current Price GBP 10.00 + Vat)
Products coming soon:
XLAnalyst Pro
(Excel VBA based spreadsheet auditing tool)
Due before the end of 2009. |
