Software Engineering, Project Management, and Effectiveness
The ASP.NET 2.0 Internet Security Reference Implementation is a sample application, complete with code and guidance. Our purpose was to show patterns & practices security guidance in the context of an application scenario. We used Pet Shop 4 as the baseline application and tailored it for an Internet-facing scenario. The application uses forms authentication with users and roles stored in SQL.
3 Parts
The reference implementation contains 3 parts:
The purpose of each part is as follows:
Key Engineering Decisions Addressed
We grouped the key problems into the following buckets:
These are actionable, potentially high-risk categories. These buckets represent some of the more important security decisions you need to make, decisions that can have a substantial impact on your design. Using these buckets made it easier both to review the key security decisions and to present the decisions for fast consumption.