Protect Ya Neck: Securing web applications with threat modeling
Currently I work on building large-scale web services that face the public as part of what Microsoft calls software plus services (Software+Services). In this area of Internet-facing applications all aspects of security are important, including intelligent attack mitigation at the software level. Possible threats and vulnerabilities are identified through an iterative process called threat modeling during the design phase of the development lifecycle. Here are some links that can help you build more secure web applications through the process of threat modeling.
Threat Modeling Web Applications - MSDN Patterns & Practices
Threat Modeling at the MSDN Security Development Center
Microsoft Application Threat Modeling Blog
Microsoft Application Consulting & Engineering Team Blog
Threat Modeling Articles at The Security Development Lifecycle Blog (MSDN)
Threat Modeling from Microsoft Press
Writing Secure Code, Second Edition from Microsoft Press