This is an oldie but a goodie. Alex (from our original team) walks through our patterns & practices Security Engineering Approach. I knew the video exists, but I had a hard time finding it again so I'm posting the link here.
A few things have changed since our original video:
- We changed from reviews to inspections (Security Design Inspection, Security Code Inspection, and Security Deployment Inspection) In our approach, we *inspect* for criteria.
- MSDN moved our Security Engineering landing page.
- We released Guidance Explorer which supports doing Security Inspections. It includes collections of security inspection questions, security principles, patterns and practices. See How To Use Guidance Explorer to Do a Security Code Inspection.
My Related Posts