Software Engineering, Project Management, and Effectiveness
This is a comprehensive roundup of our patterns & practices security guidance for the Microsoft platform. I put it together based on customers looking for our security guidance, but having a hard time finding it. While you might come across a guide here or a How To there, it can be difficult to see the full map, including the breadth and depth of our security guidance. This is a simple map, organized by “guidance type” (i.e. Guides, App Scenarios, Checklists, Guidelines, How Tos, … etc.)
Books / Guides (“Blue Books”)
If you’re familiar with IBM Redbooks, then you can think of our guides as Microsoft “Blue Books.” Our patterns & practices Security Guides provide prescriptive guidance and proven practices for security. Each guide is a comprehensive collection of principles, patterns, and practices for security. These are also the same guides used to compete in competitive platform studies. Here are our patterns & practices Security Guides:
The HTML and PDF versions of the guides are available for free on MSDN. The print versions are available for sale on Amazon.
For more on the impact of Blue Books for platform success, see The Power of Blue Books for Platform Impact.
Key Features of the Guides
Key Features of the guides include:
Security Engineering
To meet your security objectives, security engineering activities must be an integral part of your software development practices. Our patterns & practices Security Engineering builds on, refines, and extends core life cycle practices to create security-specific practices. You can adopt these activities incrementally as you see fit. These security activities are integrated in MSF Agile, available with Visual Studio Team System. This provides tools, guidance, and workflow to help make security a seamless part of your development experience.
Application Scenarios and Solutions
ASP.NET Application Scenarios
WCF (Intranet Application Scenarios)
WCF (Internet Application Scenarios)
Cheat Sheets
A Cheat Sheet presents reference information as a quick view. Cheat Sheets are easy to print out and put up on the wall as a quick reference or reminder of key information. Here are our security Cheat Sheets:
Checklists
A Checklist presents a verification to perform ("what to check for", "how to check" and "how to fix"). Checklists work hand-in-hand with Guidelines. Whereas Guidelines are the “what to do”, “why”, and “how”, the Checklist is a distilled set of checks to perform. Here are our security Checklists:
Guidelines
Our Guidelines present the “what to do”, “why”, and “how”. Here are our security Guidelines:
Practices at a Glance
Our Practices at a Glance are brief problem and solution pairs that summarize solutions and link to more information.
Explained
An Explained article exposes the what and how mechanics (e.g. how things work, basic architecture, design intentions, usage scenarios). Here are our security Explained articles:
FAQs
A FAQ article is a collection of frequently asked questions related to a technology, product, or technique. They aren’t restricted to high-level questions. In fact, many of the questions actually cut pretty deep. Here are our security FAQs:
How Tos
A How To article provides steps to execute an end-to-end task. They complement the Guidelines and Checklists. While the Guidelines will simply provide a high-level view of the “what to do” or a Checklist will simply identify a check to perform, our How Tos actually elaborate and walk through the steps to perform it. Here are our security How Tos:
Security Engineering How Tos
ASP.NET How Tos
WCF How Tos
Most Recent patterns & practices Security Guidance Work
Most recent patterns & practices security guidance efforts include the following:
My Related Posts
Can you provide some reference material on how the per-call negotiation works in WCF? I am unable to find detailed content on how the service credential negotiation works in WCF.
@ Sam -- I haven't seen anything. A sequence diagram and a simple write up of the flow would be nice. You might try posting to the WCF forum (social.msdn.microsoft.com/.../) to see if somebody's tackled this.