Security Engineering Explained and Security Deployment Review for ASP.NET 2.0 are now available on MSDN

We just released patterns & practices Security Engineering Explained and How To: Perform a Security Deployment Review for ASP.NET 2.0 on MSDN.

The Security Engineering Explained PDF builds on the guidance from Improving Web Application Security: Threats and Countermeasures. The PDF contains the following chapters: 

  • Introduction
  • Chapter 1, Security Engineering Approach
  • Chapter 2, Security Objectives
  • Chapter 3, Security Design Guidelines
  • Chapter 4, Threat Modeling
  • Chapter 5, Security Architecture and Design Review
  • Chapter 6, Security Code Review
  • Chapter 7, Security Deployment Review

The How To: Perform a Security Deployment Review for ASP.NET 2.0 shows you how to perform a security deployment review for an ASP.NET 2.0 application and how to identify potential security vulnerabilities introduced by inappropriate configuration settings.

Released How To: Perform a Security Code Review for Managed Code (.NET Framework 2.0)

We released an updated version of our Security Code Review today, called How To: Perform a Security Code Review for Managed Code (.NET Framework 2.0).

This improves on our original security code review for .NET Framework 1.1 in Threats and Countermeasures. The new version outlines the code review process, which uses a question-driven approach by technology.

Use the companion question lists to determine if your application is susceptible to the listed security issues. The companion Question Lists are:

Web Cast on Security Engineering by patterns & practices Team

Alex Mackman, core team member, delivers the Security Engineering Web Cast.

In this webcast, we introduce you to the Microsoft patterns & practices approach to security that spans the life cycle of your application. These security measures include threat modeling, architecture and design reviews for security, code reviews, and deployment reviews. Join us as we highlight the existing and emerging security guidance available to developers.

Available on MSDN

The following are some links to available patterns & practices Security Guidance on MSDN.

Short Cut URLs

  • /ThreatModeling
  • /SecurityGuidance
  • /SecurityEngineering

To use, append to the end of http://msdn.com.

Indexes

Views


ASP.NET 2.0

Security Engineering

About the Security Guidance for .NET Framework 2.0 Project

The patterns & practices team is building application security guidance and security engineering guidance for .NET Framework 2.0 (Whidbey).  The breakdown is as follows:

  • Security Engineering. Help practitioners integrate security into their life cycle.
  • Application Building. Help architects/developer leads design secure applications. Help developers write secure managed code.
  • Technical Guidance. Provide security guidance for applications built with Whidbey.
  • Tools Integration. Improve tools/platform integration of the guidance.

Members from this team previously brought you Building Secure ASP.NET Applications and Improving Web Application Security (see http://msdn.microsoft.com/SecNet).
