Spreadsheet QualitySpreadsheet Design Concepts Series
Security
- Is everybody's concern
- Spreadsheets can be used as a staging board for privilege escalation (with your login details!)
- Consider SD3 +C
- Secure by
- Design
- Default
- Deployment
- Communication
- Threat Modeling- Assets, Threats
- Threat Types - STRIDE
- (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
- Threats - rate with DREAD
- (Damage potential, Reproducibility, Exploitability, Affected Users, Discoverability)
- Spreadsheets (all flavours) are fairly insecure
- Compiled UDFs (.net, COM, XLL) and Database servers can help
- Set macro security to high and use code signing certificates.
- See Microsoft MOC 2840A - Implementing security for more info.
|
| |
|
|
Upcoming Events:
25 January 2012 - UK Excel Developer Conference - London
Products for sale:
AltFileSearch
New information about the missing FileSearch feature in Office 2007 and details of our pragmatic solution (Current price GBP 30.00)
wsUnprotector
Instant Excel worksheet protection remover and password recovery (Current price GBP 15.00)
Classic Ribbon Tab
Add Excel 97/2000/2002/2003 compatible menu structure to Excel 2007
(Current Price GBP 10.00)
Products coming soon:
Link Manager
(Find and control external links in Excel Workbooks)
Due by Q1 2111.
XLAnalyst Pro
(Excel VBA based spreadsheet auditing tool)
Due before the end of 2111. |
