"The Developer Highway Code - The drive for safer coding"
"
To build software that meets your security objectives, you must integrate security activities into your software development lifecycle. This handbook captures and summarises the key security engineering activities that should be an integral part of your software development processes.
These security engineering activities have been developed by Microsoft patterns & practices to build on, refine and extend core lifecycle activities with a set of security-specific activities. These include identifying security objectives, applying design guidelines for security, threat modelling, security architecture and design reviews, security code reviews and security deployment reviews.
From the PDF:
"...
Part I: Securing Engineering
This part presents an overview of key security engineering activities that should be an integral part of your application development lifecycle.
Module 1: Integrating Security into the Lifecycle
Module 2: Security Objectives
Module 3: Web Application Security Design Guidelines
Module 4: Threat Modelling
Module 5: Security Architecture and Design Review
Module 6: Security Code Review
Module 7: Security Deployment Review
Part II: Checklists and Question Lists
This part includes question lists and checklists to help you design, build and deploy software that meets your security objectives.
.NET Framework 1.1 Checklists
• Checklist: Web Application Architecture and Design
• Security Checklist: .NET Framework 1.1
• Security Checklist: ADO.NET 1.1
• Security Checklist: ASP.NET 1.1
• Security Checklist: Enterprise Services (.NET Framework 1.1)
• Security Checklist: Remoting (.NET Framework 1.1)
• Security Checklist: Web Services (.NET Framework 1.1)
• Security Checklist: Network Security
• Security Checklist: Web Server (IIS 5.1)
• Security Checklist: Database Server (SQL Server 2000)
.NET Framework 2.0 Checklists
• Security Checklist: ASP.NET version 2.0
• Security Checklist: .NET Framework version 2.0
• Security Checklist: ADO.NET 2.0
Question Lists for Conducting Security Code Reviews
• .NET Framework 2.0 Question List
• ASP.NET 2.0 Question List
What's New for Security in the Microsoft .NET Framework 2.0
..."
This is high level (with lots of color and pictures) 147 page PDF from MSDN UK.
While not technical or detailed (which it doesn't pretend to be, stating very clearly in the intro that "This handbook is a quick reference for developers that summarises the key security engineering activities ..."), it's an interesting quick read.
(via Gang Of Rocking Objects (GRO) - Developer Highway Code - The drive for safer coding)
No comments:
Post a Comment