Software Engineering, Project Management, and Effectiveness
As part of our patterns & practices App Arch Guide 2.0 project, we're consolidating our information on our patterns & practices Security Engineering. Our security engineering approach is simply a collection of security-focused techniques that we have found to be effective. One of the keys to that effectiveness is our security frame. Our security frame is a collection of "hot spots" that organize principles, patterns, and practices, as well as anti-patterns. We use the frame to perform security code and design inspections. Here's a preview of our cheat sheet so far.
Security Overlay
This is our patterns & practices Security Overlay:
It simply shows a common set of activities that customers already do, and then we overlay a set of security techniques.
Summary of Key Activities in the Life Cycle
Our patterns & practices Security Engineering approach extends these proven core activities to create security-specific activities. These activities include:
Security Frame
Security frames define a set of patterns-based categories that can organize repeatable problems and solutions. You can use these categories to divide your application architecture for further analysis and to help identify application vulnerabilities. The categories within the frame represent the critical areas where mistakes are most often made.
When a method call in your application fails, what does your application do? How much do you reveal? Do you return friendly information to end users? Do you pass valuable exception information back to the caller? Does your application fail gracefully?
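The questions above are the exception management hot spot of the frame. The following is an added example, not code from the patterns & practices guide, that contrasts a handler which passes raw exception detail back to the caller with one that logs the full detail internally and returns only a friendly message plus a correlation reference; the profile loader, its failure text and the in-memory log sink are constructed for the example.

```python
import logging
import traceback
import uuid

# Constructed in-memory log sink so the example runs offline; in a real
# application this would be the server-side log the operations team reads.
records = []


class _ListHandler(logging.Handler):
    def emit(self, record):
        records.append(self.format(record))


log = logging.getLogger("app.exceptions")
log.addHandler(_ListHandler())
log.setLevel(logging.ERROR)
log.propagate = False


def _read_profile(user_id):
    # Constructed failure standing in for a data-access call. The path and
    # account name are fabricated sample values: exactly the kind of internal
    # detail that should never reach an end user.
    raise IOError("cannot open /srv/app/data/profiles.db as svc_app")


def load_profile_leaky(user_id):
    """Anti-pattern: the caller receives the raw exception text, which reveals
    file paths, service accounts and the stack of technology in use."""
    try:
        return _read_profile(user_id)
    except Exception as exc:
        return {"ok": False, "error": f"{type(exc).__name__}: {exc}"}


def load_profile_graceful(user_id):
    """Pattern: fail gracefully. Full detail (with traceback) goes to the
    internal log under a reference id; the caller gets a friendly message
    carrying only that reference so support can correlate the two."""
    try:
        return _read_profile(user_id)
    except Exception:
        ref = uuid.uuid4().hex[:12]
        log.error("profile load failed ref=%s user=%s\n%s",
                  ref, user_id, traceback.format_exc())
        return {"ok": False, "error": "Unable to load profile. Reference: " + ref}
```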
Architecture and Design Issues
Use the diagram below to help you think about architecture and design issues in your application.
The key areas of concern for each application tier are:
Design Guidelines
This table represents a set of secure design guidelines for application architects. Use this as a starting point for secure design and to improve security design inspections.
Patterns
Design patterns in this context refer to generic solutions that address commonly occurring application design problems. Some of the patterns identified below are well-known design patterns. Their use in certain scenarios enables better security as a secondary goal. Some of the main patterns that help improve security are summarized below: