Security Guidance for .NET Framework 2.0

Available on MSDN

2005-11-09T02:44:00Z

The following security guidance is now available on MSDN:

Guidelines:

Checklists:

Security Checklist: .NET Framework 2.0

Security Checklist: ADO.NET 2.0

Security Engineering Explained and Security Deployment Review for ASP.NET 2.0 are now available on MSDN

2005-10-19T01:51:00Z

We just released patterns & practices Security Engineering Explained and How To: Perform a Security Deployment Review for ASP.NET 2.0 on MSDN.

The Security Engineering Explained PDF builds on the guidance from Improving Web Application Security: Threats and Countermeasures. The PDF contains the following chapters:

Introduction
Chapter 1, Security Engineering Approach
Chapter 2, Security Objectives
Chapter 3, Security Design Guidelines
Chapter 4, Threat Modeling
Chapter 5, Security Architecture and Design Review
Chapter 6, Security Code Review
Chapter 7, Security Deployment Review

The How To: Perform a Security Deployment Review for ASP.NET 2.0 shows you how to perform a security deployment review for an ASP.NET 2.0 application and how to identify potential security vulnerabilities introduced by inappropriate configuration settings.

Released How To: Perform a Security Code Review for Managed Code (.NET Framework 2.0)

2005-10-13T06:55:00Z

We released an updated version of our Security Code Review today called How To: Perform a Security Code Review for Managed Code (.NET Framework 2.0).

This improves our original security code review for .NET Framework 1.1 in Threats and Countermeasures. The new version outlines the code review process which uses a question driven approach by technology.

Use the companion question lists to determine if your application is susceptible to the listed security issues. The companion Question Lists are:

Web Cast on Security Engineering by patterns & practices Team

2005-10-07T02:09:00Z

Alex Mackman, core team member, delivers Security Engineering Web Cast.

In this webcast, we introduce you to the Microsoft patterns & practices approach to security that spans the life cycle of your application. These security measures include threat modeling, architecture, and design reviews for security, code reviews, and deployment reviews. Join us as we highlight the existing and emerging security guidance available to developers.

Available on MSDN

2005-08-31T03:06:00Z

The following are some links to available patterns & practices Security Guidance on MSDN.

Short Cut URLs

/ThreatModeling
/SecurityGuidance
/SecurityEngineering

To use, append to the end http://msdn.com.

Indexes

Security Guidance Index: http://msdn.microsoft.com/SecurityGuidance
Security Engineering Index: http://msdn.microsoft.com/SecurityEngineering
Security How To Index: http://msdn.microsoft.com/library/en-us/dnpag2/html/SecurityHowTosIndex.asp
Threat Modeling: http://msdn.microsoft.com/ThreatModeling

Views

Security Guidance for .NET Framework 2.0: http://msdn.microsoft.com/library/en-us/dnpag2/html/AppSecGuidanceForFrameworkV2.asp?frame=true
ASP.NET 1.1 Security Guidance Index: http://msdn.microsoft.com/library/en-us/dnpag2/html/ASPNET11SecurityGuidanceIndex.asp?frame=true
ASP.NET 2.0 Security Guidance Index: http://msdn.microsoft.com/library/en-us/dnpag2/html/ASPNET2SecurityGuidanceIndex.asp?frame=true

ASP.NET 2.0

ASP.NET 2.0 Security Guidance Index: http://msdn.microsoft.com/library/en-us/dnpag2/html/ASPNET2SecurityGuidanceIndex.asp?frame=true
ASP.NET 2.0 Security Guidelines: http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGGuidelines0001.asp?frame=true
ASP.NET 2.0 Security Checklist: http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGCK0001.asp?frame=true
ASP.NET 2.0 Security Practices: http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGPractices0001.asp?frame=true
ASP.NET 2.0 Security How Tos: http://msdn.microsoft.com/library/en-us/dnpag2/html/SecurityHowTosIndex.asp?frame=true

Security Engineering

Security Engineering Index: http://msdn.microsoft.com/SecurityEngineering
Web Application Security Engineering Index: http://msdn.microsoft.com/library/en-us/dnpag2/html/WebAppSecurityEngIndex.asp?frame=true
Security Architecture and Design Review Index: http://msdn.microsoft.com/library/en-us/dnpag2/html/SecurityArchAndDesignReviewIndex.asp?frame=true
Security Deployment Review Index: http://msdn.microsoft.com/library/en-us/dnpag2/html/SecurityDeploymentReviewIndex.asp?frame=true
Threat Modeling Web Applications: http://msdn.microsoft.com/library/en-us/dnpag2/html/TMWA.asp?frame=true

About the Security Guidance for .NET Framework 2.0 Project

2005-08-31T02:57:00Z

The patterns & practices team is building application security guidance and security engineering guidance for .NET Framework 2.0 (Whidbey). The breakdown is as follows:

Security Engineering Help practitioners integrate security into their life cycle.

Application Building. Help architects/developer leads design secure applications. Help developers write secure managed code

Technical Guidance. Provide security guidance for applications built with Whidbey.

Tools Integration. Improve tools/platform integration of the guidance.

Members from this team previously brought you Building Secure ASP.NET Applications and Improving Web Application Security (See http://msdn.microsoft.com/SecNet)

Security Checklist: ADO.NET 2.0

Security Guidance for .NET Framework 2.0

Available on MSDN

The following security guidance is now available on MSDN:

Guidelines:

Security Guidelines: .NET Framework 2.0

Security Guidelines: ADO.NET 2.0

Checklists:

Security Checklist: .NET Framework 2.0

Security Engineering Explained and Security Deployment Review for ASP.NET 2.0 are now available on MSDN

Released How To: Perform a Security Code Review for Managed Code (.NET Framework 2.0)

Web Cast on Security Engineering by patterns & practices Team

Available on MSDN

About the Security Guidance for .NET Framework 2.0 Project