Tech Off Thread

3 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Application Security Model

Back to Forum: Tech Off
  • User profile image

    I've been tasked with writing a comprehensive security model for our application.  It is a server application with web and web services access.

    Although I am no security expert, I feel somewhat confident being able to make individual programming decisions with respect to security.  However, I feel inadequate with my current knowledge and skill to put this comprehensive plan together.

    Does anyone have some recommended resources in this area?

  • User profile image

    I believe MS has had a quite a few presentations, seminars and videos on this. There is an Application Block dedicated to this in the Enterprise App Blocks. Having a look at this should help.

    My 2c.

  • User profile image

    I think this is interesting...

    Developer Highway Code

    Generic Forum Image Generic Forum Image
    Developer Highway Code

    To build software that meets your security objectives, you must integrate security activities into your software development lifecycle. This handbook captures and summarises the key security engineering activities that should be an integral part of your software development processes.

    These security engineering activities have been developed by Microsoft patterns & practices to build on, refine and extend core lifecycle activities with a set of security-specific activities. These include identifying security objectives, applying design guidelines for security, threat modelling, security architecture and design reviews, security code reviews and security deployment reviews.

    Download the PDF (4.8mb)

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.