securityengineering



patterns & practices Security Engineering


Approach

patterns & practices Security Engineering includes specific security-related activities.
http://msdn2.microsoft.com/en-us/library/ms998404.securityinlifcycle(en-us,MSDN.10).gif


These include identifying security objectives, creating threat models, applying secure design guidelines, patterns and principles, conducting architecture and design reviews for security, performing regular code reviews for security, testing for security, and conducting deployment reviews to ensure secure configuration.


Overview

* Security Engineering Overview


Threat Modeling

* How To: Create a Threat Model for a Web Application at Design Time

Security Design Guidelines

* Web Application Security Design Guidelines (On MSDN)

.NET 1.1
* .NET Framework 1.1 Security Guidelines (On MSDN)
* ADO.NET 1.1 Security Guidelines (On MSDN)
* ASP.NET 1.1 Security Guidelines (On MSDN)
* Code Access Security (.NET 1.1) Security Guidelines (On MSDN)
* Enterprise Services (.NET 1.1) Security Guidelines (On MSDN)
* Remoting (.NET 1.1) Security Guidelines (On MSDN)
* Web Services (.NET 1.1) Security Guidelines (On MSDN)

.NET Framework 2.0
* .NET Framework 2.0 Security Guidelines (On MSDN)
* ADO.NET 2.0 Security Guidelines (On MSDN)
* ASP.NET 2.0 Security Guidelines (On MSDN)

Security Design Inspection

* Web Application Security Design Inspection

Security Testing

* Security Testing

Security Code Inspection


Baseline Activity:
* How To: Perform Security Code Review for Managed Code (Baseline Activity) (On MSDN)

.NET 1.1
* .NET Framework 1.1 Security Code Review
* ADO.NET 1.1 Security Code Review
* ASP.NET 1.1 Security Code Review
* Code Access Security (.NET 1.1) Security Code Review
* Enterprise Services (.NET 1.1) Security Code Review
* Remoting (.NET 1.1) Security Code Review
* Unmanaged Code (.NET 1.1) Security Code Review
* Web Services (.NET 1.1) Security Code Review

Special case:
* Buffer Overflow (Managed Code) Security Code Review
* Cross-Site Scripting Code Review
* SQL Injection Code Review


Security Deployment Inspection

Application:
* ASP.NET 1.1 Security Deployment Review
* How To: Perform a Security Deployment Review for ASP.NET 2.0

Web Server:
* IIS 5 Security Deployment Review

Database Server:
* SQL Server 2000 Security Deployment Review

Network:
* Network Security Deployment Review

Checklists

* Application Security Design Checklist

.NET 1.1
* .NET 1.1 Security Checklist
* ADO.NET 1.1 Security Checklist
* ASP.NET 1.1 Security Checklist
* Code Access Security (.NET 1.1) Security Checklist
* Enterprise Services (.NET 1.1) Security Checklist
* Remoting (.NET 1.1) Security Checklist
* Web Services (.NET 1.1) Security Checklist

Deployment:
* IIS 5 Security Checklist
* Network Security Checklist
* SQL Server 2000 Security Checklist

Additional Resources

* Security Guidance Share: http://www.SecurityGuidanceShare.com



