Tech Off Thread

3 posts

Application Security Model

Back to Forum: Tech Off
  • User profile image
    Larsenal

    I've been tasked with writing a comprehensive security model for our application.  It is a server application with web and web services access.

    Although I am no security expert, I feel somewhat confident being able to make individual programming decisions with respect to security.  However, I feel inadequate with my current knowledge and skill to put this comprehensive plan together.

    Does anyone have some recommended resources in this area?

  • User profile image
    asharism

    I believe MS has had a quite a few presentations, seminars and videos on this. There is an Application Block dedicated to this in the Enterprise App Blocks. Having a look at this should help.

    My 2c.

  • User profile image
    TomasDeml

    I think this is interesting...

    Developer Highway Code

    Generic Forum Image Generic Forum Image
    Developer Highway Code

    To build software that meets your security objectives, you must integrate security activities into your software development lifecycle. This handbook captures and summarises the key security engineering activities that should be an integral part of your software development processes.

    These security engineering activities have been developed by Microsoft patterns & practices to build on, refine and extend core lifecycle activities with a set of security-specific activities. These include identifying security objectives, applying design guidelines for security, threat modelling, security architecture and design reviews, security code reviews and security deployment reviews.

    Download the PDF (4.8mb)

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.