Context Precision

A Web application is not a component is not a desktop application is not a Web service. If I gave you an approach to threat model a Web application, you can probably stretch the rubber band to fit Web services too. You could probably even bend it to work for components or mobile applications. The…


Threat Modeling Terms and How To Use Them

I see a lot of confusion over terms when it comes to threat modeling. The terms matter because they shape focus. For example, if you confuse threats with attacks, you’ve limited what you’re looking for. These are the terms we used when we created our How To Threat Model Web Applications: Asset. An asset is…


Security Guidance for .NET 2.0 Index

The following is an index of the patterns & practices Security Guidance released as part of the Security Guidance for .NET 2.0 project. Short-Cuts: You can append SecurityGuidance, SecurityEngineering, or ThreatModeling to http://msdn.com or http://microsoft.com. Security Guidance Index: http://msdn.com/SecurityGuidance; Security Engineering: http://msdn.com/SecurityEngineering; Threat Modeling: http://msdn.com/ThreatModeling. Indexes: Security Guidance Index, Security Engineering Index, Security How To Index, Security…


My Role on the patterns & practices Team

I’m J.D. Meier, the PM for security and performance on the patterns & practices team. My manager refers to me as the “abilities” PM. I create guidance to help customers bake security and performance into their life cycle. Why performance and security? … Who wants an insecure app that scales … or a “secure” app…
