J.D. Meier's Blog

Software Engineering, Project Management, and Effectiveness

Browse by Tags

Tagged Content List
  • Blog Post: Windows Azure Security Notes Posted to the Security TechCenter

    Our Windows Azure Security Notes are now available under the Highlights section on TechNet’s Security TechCenter . It’s a collection of common applications scenarios for Web applications, Web services, and data on Azure, and it’s a map of common threats, attacks, vulnerabilities, and countermeasures...
  • Blog Post: Now Available: Windows Azure Security Notes PDF

    Windows Azure Security Notes (PDF) is a collection of our notes and learnings from exploring the cloud security space and working through Windows Azure security scenarios.   Note that this is not a guide and it’s not a Microsoft patterns & practices deliverable.  It’s simply a way...
  • Blog Post: Cloud Security Threats and Countermeasures at a Glance

    Cloud security has been a hot topic with the introduction of the Microsoft offering of the Windows Azure platform.  One of the quickest ways to get your head around security is to cut to the chase and look at the threats, attacks, vulnerabilities and countermeasures.  This post is a look at...
  • Blog Post: How To Enable SSL on Windows Azure

    As part of our Azure Security Guidance project, we tested setting up SSL during our exploration.  To do so, we created a self-signed certificate and deployed it to Azure.  This is a snapshot of the rough steps we used: Step 1 - Create and Install a test certificate Step 2 - Create a Visual...
  • Blog Post: patterns & practices Security Guidance Roundup

    This is a comprehensive roundup of our patterns & practices security guidance for the Microsoft platform.   I put it together based on customers looking for our security guidance, but having a hard time finding it.  While you might come across a guide here or a How To there, it can...
  • Blog Post: REST with ACS

    This is a draft of our REST with ACS application scenario for your feedback.  It’s a whiteboard sketch of how to secure a REST service on Azure. As part of our patterns & practices Azure Security Guidance project, we’re putting together a series of Application Scenarios and Solutions. ...
  • Blog Post: WCF Security Scenarios on Azure

    As part of our patterns & practices Azure Security Guidance project, we’re putting together a series of Application Scenarios and Solutions.  Our goal is to show the most common application scenarios on the Microsoft Azure platform.  This is your chance to give us feedback on whether we...
  • Blog Post: ASP.NET Security Scenarios on Azure

    As part of our patterns & practices Azure Security Guidance project, we’re putting together a series of Application Scenarios and Solutions.  Our goal is to show the most common application scenarios on the Microsoft Azure platform.  This is your chance to give us feedback on whether we...
  • Blog Post: Agile Security Engineering

    “It is not necessary to change. Survival is not mandatory.” —Edwards Deming I gave a talk for the developer security MVPs at the Microsoft 2010 MVP Summit last week.  While I focused primarily on Azure Security, I did briefly cover Agile Security Engineering.  Here is the figure I used to help...
  • Blog Post: Security Mental Model for Azure

    We’ve been exploring Azure on the patterns & practices team for potential security guidance.   To get our heads around it, we’ve had to create a simple view for our team that we could quickly whiteboard or drill into.  We wanted a way to easily compare with our previous security guidance...
  • Blog Post: Cloud Security Frame

    I posted a draft of our Cloud Security Frame at Shaping Software .  This frame is especially important because we’re using it to help us map out the Cloud security space for our patterns & practices Cloud Security Guidance project.  It’s helps us scope our project.  The frame is basically...
  • Blog Post: Cloud Security Survey Results

    As a follow up to our earlier patterns & practices Cloud Security Survey , here is a quick summary of the results.  Note that the the bulk of our respondents said they spend most of their time in architect roles.  The next biggest buckets were developers and testers. Key Take Aways Here...
  • Blog Post: Security Hot Spots

    I wrote a post about Security Hot Spots on Shaping Software .  Hot Spots are a way to organize and share information more effectively.    Hot Spots are also a way to turn Pareto's principle (the 80/20 rule) into action.  By focusing on the hot spots, you find the levers in the...
  • Blog Post: New Release: patterns & practices WCF Security Guide

    Today we released our patterns & practices Improving Web Service security: Scenarios and Implementation Guidance for WCF on MSDN.  Using end-to-end application scenarios, this guide shows you how to design and implement authentication and authorization in WCF. You'll learn how to improve the...
  • Blog Post: patterns & practices Security Engineering Cheat Sheet

    We posted our patterns & practices Security Engineering Cheat Sheet to our Application Architecture Knowledge Base on CodePlex.   It’s a bird’s-eye view of applying our security techniques to the life cycle.  The techniques and approach shipped with VSTS/MSF Agile starting in 2005...
  • Blog Post: patterns & practices Security Engineering

    As part of our patterns & practices App Arch Guide 2.0 project , we're consolidating our information on our patterns & practices Security Engineering. Our security engineering approach is simply a collection of security-focused techniques that we found to be effective. One of the keys to the...
  • Blog Post: Designing an Authentication and Authorization Strategy

    What are the key steps to designing an effective authentication and authorization strategy? The keys are knowing your user stores, role stores, and who need to access what or perform which operations. In this post, I share the approaches we've used in two of our patterns & practices guides. These...
  • Blog Post: WCF Security Guide is Now Available in HTML

    Our guide, patterns & practices Improving Web Services Security:Scenarios and Implementation Guidance for WCF is now available in HTML.
  • Blog Post: New Release: patterns & practices WCF Security Guide (BETA)

    Today we released our WCF Security guide, patterns & practices Improving Web Services Security: Scenarios and Implementation Guidance for WCF . This is our Microsoft playbook for Windows Communication Foundation (WCF - "Indigo".) It shows you how to build secure Web services using WCF. It's a compendium...
  • Blog Post: Web Services Security Frame

    The key to making principles, patterns, and practices more effective is to have an organizing frame. While working on our patterns & practices WCF Security Guidance Project , we created the Web Services Security Frame for just such a purpose. We use the frame throughout the guidance to organize threats...
  • Blog Post: WCF Security Resources

    If you're building Web services or if you're implementing SOA on the Microsoft platform , then you're probably either working with or exploring WCF (Windows Communication Foundation.) When we started our patterns & practices WCF Security Guidance project , one of the first things I did was compile...
  • Blog Post: patterns & practices WCF Security Practices at a Glance Now Available

    For this week's release in our patterns & practices WCF Security Guidance project, we released our first version of our WCF Security Practices at a Glance . Practices At a Glance gives you a bird's-eye view of how to perform common tasks. They are scannable and outcome-driven so that you can quickly...
  • Blog Post: 6 New patterns & practices WCF Security How Tos

    We have 6 new How Tos for this week's release of our patterns & practices WCF Security Guidance Project . WCF Security How Tos How To - Perform Input Validation in WCF How To - Perform Message Validation with Schemas in WCF How To - Use basicHttpBinding with Windows Authentication and TransportCredentialOnly...
  • Blog Post: patterns & practices WCF Security Questions and Answers Now Available

    What are your key security-related questions with WCF? More importantly, what are the answers? For this week's release of our WCF Security Guidance Project , we posted our WCF Security Q&A (Questions and Answers) to CodePlex. To create the questions and answers set, we first gathered and organized...
  • Blog Post: patterns & practices WCF 3.5 Security Guidelines Now Available

    For this week's release in our patterns & practices WCF Security Guidance project , we released our first version of our WCF 3.5 Security Guidelines . Each guideline is a nugget of what to do, why, and how. The goal of the guideline format is to take a lot of information, compress it down, and turn...
Page 1 of 4 (77 items) 1234