October 2005 - Posts

High ROI Security Activities

You can create effective security activities based on the high ROI engineering activities : Security design guidelines Security architecture and design review Security code review Security testing Security deployment review Rather than interspersing security Read More...

Posted 11 October 05 06:58 by J.D. Meier | 5 Comments   
Filed under Security

Security Approaches That Don't Work

If it’s not broken, then don’t fix it ... The problem is, you may have an approach that isn’t working, or it’s not as efficient as it could be, but you may not even know it. Let’s take a quick look at some broken approaches and get to the bottom of why Read More...

Posted 11 October 05 06:50 by J.D. Meier | 3 Comments   
Filed under Security

Context Precision

A Web application is not a component is not a desktop application is not a Web service. If I gave you an approach to threat model a Web application, you can probably stretch the rubber band to fit Web services too. You could probably even bend it to work Read More...

Posted 10 October 05 07:36 by J.D. Meier | 4 Comments   
Filed under Guidance Engineering, Design

Threat Modeling Terms and How To Use Them

I see a lot of confusion over terms when it comes to threat modeling. The terms matter because they shape focus. For example if you confuse threats with attacks, you've limited what you're looking for. There are the terms we used when we created our How Read More...

Posted 10 October 05 06:10 by J.D. Meier | 1 Comments   
Filed under Security

Search

This Blog

• Home
• Email

Tags

• Agile
• AppArch
• Architecture
• Blogging
• Business
• Cloud
• Competitive Studies
• Design
• Effectiveness
• Frames
• General
• Guidance Engineering
• Guidance Explorer
• Innovation
• Intellectual Horsepower
• Leadership
• Lessons Learned
• My Projects
• Patterns
• patterns and practices
• Performance
• Process
• Productivity
• Project Management
• Project Practices
• Releases
• Results
• Security
• Social Software
• Software Engineering
• Speakers
• The Zen of Results
• Videos
• Visual Studio
• WCF
• Work Tips

Archives

• November 2009 (1)
• October 2009 (1)
• September 2009 (4)
• August 2009 (8)
• July 2009 (9)
• June 2009 (11)
• May 2009 (3)
• April 2009 (7)
• March 2009 (10)
• February 2009 (11)
• January 2009 (18)
• December 2008 (14)
• November 2008 (19)
• October 2008 (11)
• September 2008 (25)
• August 2008 (6)
• July 2008 (2)
• June 2008 (4)
• May 2008 (5)
• April 2008 (7)
• March 2008 (11)
• February 2008 (10)
• January 2008 (24)
• December 2007 (20)
• November 2007 (7)
• October 2007 (18)
• September 2007 (5)
• August 2007 (10)
• July 2007 (5)
• June 2007 (7)
• May 2007 (14)
• April 2007 (7)
• March 2007 (48)
• February 2007 (20)
• January 2007 (16)
• December 2006 (11)
• November 2006 (5)
• October 2006 (12)
• July 2006 (1)
• June 2006 (1)
• May 2006 (2)
• April 2006 (7)
• March 2006 (7)
• February 2006 (1)
• December 2005 (5)
• October 2005 (4)
• September 2005 (2)

Best Of

• 7 Habits of Highly Effective PMs
• Clearing Your Inbox
• Get Lean, Eliminate Waste
• Timebox Your Day
• Results Approach
• Scannable Outcomes
• Patterns and Practices for New Hires
• Effectiveness Post Roundup
• 2007 Post Roundup
• My Projects on MSDN
• Writing Books on Time and On Budget
• Agile Architecture Method
• Agile Guidance Engineering

My Articles

• A Language for Architecture

My Blogs / Wikis

• Sources of Insight (Personal Development)
• Architecture Guidance Share
• Shaping Software

My Books

• Improving .NET Application Performance
• Improving Web Application Security
• Building Secure ASP.NET Apps
• Perf Testing Guidance for Web Apps
• Team Development with VSTS
• Security Engineering Explained
• Microsoft Application Architecture Guide 2.0
• Improving Web Services Security

Personal Development

• Lessons Learned in 2008
• Personal Development Books
• The Zen of Results (Free E-Book)
• 30 Day Improvement Sprints

Syndication

• RSS 2.0
• Atom 1.0