Return to HomePage

---

patterns & practices Security Engineering

Approach

patterns & practices Security Engineering includes specific security related activities.
http://msdn2.microsoft.com/en-us/library/ms998404.securityinlifcycle(en-us,MSDN.10).gif


These include identifying security objectives, creating threat models, applying secure design guidelines, patterns and principles, conducting architecture and design reviews for security, performing regular code reviews for security, testing for security, and conducting deployment reviews to ensure secure configuration.

Overview

* Security Engineering Overview

Threat Modeling

* How To: Create a Threat Model for a Web Application at Design Time

Security Design Guidelines

* Web Application Security Design Guidelines (on MSDN)

.NET 1.1
* .NET Framework 1.1 Security Guidelines (On MSDN)
* ADO.NET 1.1 Security Guidelines (On MSDN)
* ASP.NET 1.1 Security Guidelines (On MSDN)
* Code Access Security (.NET 1.1) Security Guidelines (On MSDN)
* Enterprise Services (.NET 1.1) Security Guidelines (On MSDN)
* Remoting (.NET 1.1) Security Guidelines (On MSDN)
* Web Services (.NET 1.1) Security Guidelines (On MSDN)

.NET Framework 2.0
* .NET Framework 2.0 Security Guidelines (On MSDN)
* ADO.NET 2.0 Security Guidelines (On MSDN)
* ASP.NET 2.0 Security Guidelines (On MSDN)

Security Design Inspection

* Web Application Security Design Inspection

Security Testing

* Security Testing

Security Code Inspection

Baseline Activity:
* How To: Perform Security Code Review for Managed Code (Baseline Activity) (On MSDN)

.NET 1.1
* .NET Framework 1.1 Security Code Review
* ADO.NET 1.1 Security Code Review
* ASP.NET 1.1 Security Code Review
* Code Access Security (.NET 1.1) Security Code Review
* Enterprise Services (.NET 1.1) Security Code Review
* Remoting (.NET 1.1) Security Code Review
* Unmanaged Code (.NET 1.1) Security Code Review
* Web Services (.NET 1.1) Security Code Review

Special case:
* Buffer Overflow (Managed Code) Security Code Review
* Cross-Site Scripting Code Review
* SQL Injection Code Review

Security Deployment Inspection

Application:
* ASP.NET 1.1 Security Deployment Review
* How To: Perform a Security Deployment Review for ASP.NET 2.0

Web Server:
* IIS 5 Security Deployment Review

Database Server:
* SQL Server 2000 Security Deployment Review

Network:
* Network Security Deployment Review

Checklists

* Application Security Design Checklist

.NET 1.1
* .NET 1.1 Security Checklist
* ADO.NET 1.1 Security Checklist
* ASP.NET 1.1 Security Checklist
* Code Access Security (.NET 1.1) Security Checklist
* Enterprise Services (.NET 1.1) Security Checklist
* Remoting (.NET 1.1) Security Checklist
* Web Services (.NET 1.1) Security Checklist

Deployment:
* IIS 5 Security Checklist
* Network Security Checklist
* SQL Server 2000 Security Checklist

Additional Resources

* Security Guidance Share: http://www.SecurityGuidanceShare.com

---

Return to HomePage