Security continues to be at the fore front of every application developer’s mind.  I constantly get asked by our customers for more information and help (tools, code samples, prescriptive guidance) around building high-secure applications and services.


The Patterns and Practices team recently drove an effort partnering with several security experts in the community.  The main reason for this effort is to create a suite of modular, task-based security code samples and to create a reusable code example template for making these more useful.  The net result is a set of organized, security code samples to supplement the existing PAG security guidance.  These code snippets are hosted here as part of Channel 9 on MSDN.


We do have code samples on a variety of topics including administration, auditing and logging, authentication and user management, authorization, communications, configuration management, cryptography, database connectivity, exception management, input and data validation, i/o, registry, session management and web services.


J.D. Meier, who is a part of the Patterns and Practices team, wrote a good blog recently on this.  The initial feedback from our customers has been quite positive.  If you have any additional feedback, do let the team know.