Clarity, Technology, and Solving Problems | PracticeThis.com
Using the mouse is inefficient and slow - for a detailed explanation go here
These are my favorite (those I actually use) shortcuts.
[Ed. - I am updating it constantly as I find more useful shortcuts I actually use]
[Ed. - the following added from Chris online]
Visual Basic Shortcuts poster
Visual C# Shortcuts poster
Visual C++ Shortcuts poster
What are yours?
When I started to practice Threat Modeling three years ago, I thought it was the most boring part of security (which itself is not the most fascinating thing to most people). I hated it since it seemed too boring - interview folks, read tons of specs, and write documents. Come on! I am a .NET code guy! But fortunately for me I was motivated by good reasons to keep doing it - one cannot build a good design from a security perspective unless security is considered throughout the design process itself. That is essentially the one and single reason to do Threat Modeling.
Now what approach to take? How to actually conduct Threat Modeling? Here came the confusion...
These are some really good sources of knowledge I tried to adopt:
Seems like we are really crazy about the topic, let's do some searching, hmm, indeed we really like it:
So which one is the best?
Depends on who you are. Are you a developer, an architect, an IT guy, a security auditor, a security consultant? Are you doing a line of business app, or are you an ISV guy? What is your budget? What is your dev culture? There are a lot more attributes.
So while I cannot map each and every attribute to the above Threat Modeling techniques (which have a lot in common anyway), I found the big chunks of the process that work for me and my customers while conducting Threat Modeling. It is also very much aligned with Security Language That Every One Understands
Here are my big chunks:
It is not my invention, but rather what I absorbed from the resources above and adjusted to my needs.
Today I just love Threat Modeling and the above approach works for me - I am still getting paid for this :)