共用方式為


patterns & practices Security Guidance for Applications Index

 

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

patterns & practices Developer Center

patterns & practices Developer Center

J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Jason Taylor, Rudolph Araujo

Microsoft Corporation

August 2005

Summary

This page provides an index of patterns & practices Security Guidance for applications. The resources include guides and books available on MSDN together with modular content of various types including scenarios and solutions, guidelines, explained, checklists, and How Tos.

Contents

How To Use This Guidance Security Engineering
Guides
Scenarios and Solutions
Guidelines
Practices at a Glance
Explained
Checklists
How Tos

How To Use This Guidance

The security guidance is packaged as a series of modules. This modular approach to guidance ensures that each document has high context precision. This means that when you have a specific problem, you will find specific guidance that will give you the steps to work through the problem to a successful conclusion. This also means that each module can stand alone or be placed together into a larger whole and that you can use multiple entry-points to get to the guidance you need.

Security Engineering

patterns & practices Security Engineering builds on, refines, and extends core development activities to create security-specific activities.

Guides

The following guides are available on MSDN and are also available as books:

Scenarios and Solutions

Scenario and Solution modules show common end-to-end application scenarios, such as a Web server to database server intranet scenario, and present the common solutions. Each Scenario and Solution includes skeletal representations of the before and after pictures. They highlight the key issues and the main engineering decisions that represent risk. For example, this includes decisions around authentication, authorization, and secure communications. The library of Scenarios and Solutions is organized by application type and problem domain.

Guidelines

Guideline modules organize key information and explain what to do, why you should do it, and how you can implement it. Guideline modules often have corresponding checklists.

Practices at a Glance

Practices at a Glance modules are quick answers organized around common tasks and questions.

.NET Framework 1.1

.NET Framework 2.0

Explained

Explained modules address how things work along with design intentions, extensibility points, and usage scenarios.

.NET Framework 1.1

.NET Framework 2.0

Checklists

Checklists enumerate recommendations as itemized lists. The recommendations within the checklists are typically organized using an information model based on a problem domain.

How Tos

How Tos provide step-by-step, task-based guidance.

Feedback

Provide feedback by using either a Wiki or e-mail:

We are particularly interested in feedback regarding the following:

  • Technical issues specific to recommendations
  • Usefulness and usability issues

Technical Support

Technical support for the Microsoft products and technologies referenced in this guidance is provided by Microsoft Support Services. For product support information, see the Microsoft Support Web site at https://support.microsoft.com.

Community and Newsgroups

Community support is provided in the forums and newsgroups:

To get the most benefit, find the newsgroup that corresponds to your technology or problem. For example, if you have a problem with ASP.NET security features, you would use the ASP.NET Security forum.

Test, Edit, and Release Team

  • Test team: Larry Brader, Microsoft Corporation; Nadupalli Venkata Surya Sateesh, Sivanthapatham Shanmugasundaram, Infosys Technologies Ltd.
  • Edit team: Nelly Delgado, Microsoft Corporation; Tina Burden McGrayne, TinaTech Inc.
  • Release Management: Sanjeev Garg, Microsoft Corporation

patterns & practices Developer Center

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.