Software Engineering, Project Management, and Effectiveness
The key to making principles, patterns, and practices more effective is to have an organizing frame. While working on our patterns & practices WCF Security Guidance Project, we created the Web Services Security Frame for just such a purpose. We use the frame throughout the guidance to organize threats, attacks, vulnerabilities and countermeasures, as well as to organize principles, patterns, and practices.
Web Services Security Frame
Here's a snapshot of the frame. The power of the frame is that it's a durable, evolvable backdrop; in other words, you can shape it to your own purposes. You'll see this frame used throughout our upcoming guide. Notice that the categories serve as a pivot on which we can hang other viewpoints (threats/attacks, vulnerabilities, countermeasures).
Threats / Attacks Organized By the Web Services Security Frame
Vulnerabilities Organized by the Web Services Security Frame
Countermeasures Organized by the Web Services Security Frame
Thanks
Special thanks to Rudy Araujo and ACE Team members, Richard Lewis and John Steer for their contribution toward helping shape a better frame.
Excellent post, JD. ACE will hopefully be talking about WCF Security at TechReady as well.
Excellent post, JD. ACE will hopefully be talking about Web Services security at TechReady as well.
Rob Boucher and I will be presenting on WCF security at TR7.
When I ramp new folks on the team, I find it helpful to whiteboard how I build prescriptive guidance.