Security Engineering Explained and Security Deployment Review for ASP.NET 2.0 are now available on MSDN - Security Guidance for .NET Framework 2.0 - Site Home

We just released patterns & practices Security Engineering Explained and How To: Perform a Security Deployment Review for ASP.NET 2.0 on MSDN.

The Security Engineering Explained PDF builds on the guidance from Improving Web Application Security: Threats and Countermeasures. The PDF contains the following chapters:

Introduction
Chapter 1, Security Engineering Approach
Chapter 2, Security Objectives
Chapter 3, Security Design Guidelines
Chapter 4, Threat Modeling
Chapter 5, Security Architecture and Design Review
Chapter 6, Security Code Review
Chapter 7, Security Deployment Review

The How To: Perform a Security Deployment Review for ASP.NET 2.0 shows you how to perform a security deployment review for an ASP.NET 2.0 application and how to identify potential security vulnerabilities introduced by inappropriate configuration settings.