I've been tasked with writing a comprehensive security model for our application. It is a server application with web and web services access.
Although I am no security expert, I feel somewhat confident being able to make individual programming decisions with respect to security. However, I feel inadequate with my current knowledge and skill to put this comprehensive plan together.
Does anyone have some recommended resources in this area?
I believe MS has had quite a few presentations, seminars and videos on this. There is an Application Block dedicated to this in the Enterprise App Blocks. Having a look at this should help.
To build software that meets your security objectives, you must integrate security activities into your software development lifecycle. This handbook captures and summarises the key security engineering activities that should be an integral part of your software development processes.
These security engineering activities have been developed by Microsoft patterns & practices to build on, refine and extend core lifecycle activities with a set of security-specific activities. These include identifying security objectives, applying design guidelines for security, threat modelling, security architecture and design reviews, security code reviews and security deployment reviews.