patterns & practices Security Guidance for Applications Index

 

Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

patterns & practices Developer Center

J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Jason Taylor, Rudolph Araujo

Microsoft Corporation

August 2005

Summary

This page provides an index of patterns & practices Security Guidance for applications. The resources include guides and books available on MSDN together with modular content of various types including scenarios and solutions, guidelines, explained, checklists, and How Tos.

Contents

How To Use This Guidance Security Engineering
Guides
Scenarios and Solutions
Guidelines
Practices at a Glance
Explained
Checklists
How Tos

How To Use This Guidance

The security guidance is packaged as a series of modules. This modular approach to guidance ensures that each document has high context precision. This means that when you have a specific problem, you will find specific guidance that will give you the steps to work through the problem to a successful conclusion. This also means that each module can stand alone or be placed together into a larger whole and that you can use multiple entry-points to get to the guidance you need.

Security Engineering

patterns & practices Security Engineering builds on, refines, and extends core development activities to create security-specific activities.

• patterns & practices Security Engineering Index
• Security Engineering Explained

Guides

The following guides are available on MSDN and are also available as books:

• Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
• Improving Web Application Security: Threats and Countermeasures

Scenarios and Solutions

Scenario and Solution modules show common end-to-end application scenarios, such as a Web server to database server intranet scenario, and present the common solutions. Each Scenario and Solution includes skeletal representations of the before and after pictures. They highlight the key issues and the main engineering decisions that represent risk. For example, this includes decisions around authentication, authorization, and secure communications. The library of Scenarios and Solutions is organized by application type and problem domain.

• Intranet Scenarios and Solutions for ASP.NET 1.1
• Extranet Scenarios and Solutions for ASP.NET 1.1
• Internet Scenarios and Solutions for ASP.NET 1.1

Guidelines

Guideline modules organize key information and explain what to do, why you should do it, and how you can implement it. Guideline modules often have corresponding checklists.

• patterns & practices Security Guidelines Index

Practices at a Glance

Practices at a Glance modules are quick answers organized around common tasks and questions.

.NET Framework 1.1

• Security Practices: .NET Framework 1.1 Security Practices at a Glance

.NET Framework 2.0

• Security Practices: .NET Framework 2.0 Security Practices at a Glance
• Security Practices: ASP.NET 2.0 Security Practices at a Glance

Explained

Explained modules address how things work along with design intentions, extensibility points, and usage scenarios.

.NET Framework 1.1

• Explained: ASP.NET 1.1 Request Processing
• Explained: Machine and Web.Config [Content link no longer available, original URL:https://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh19.asp]

.NET Framework 2.0

• Explained: Forms Authentication in ASP.NET 2.0
• Explained: Windows Authentication in ASP.NET 2.0

Checklists

Checklists enumerate recommendations as itemized lists. The recommendations within the checklists are typically organized using an information model based on a problem domain.

• patterns & practices Checklists Index

How Tos

How Tos provide step-by-step, task-based guidance.

• patterns & practices Security How Tos Index

Feedback

Provide feedback by using either a Wiki or e-mail:

• Wiki. Security guidance feedback page at
  https://channel9.msdn.com/wiki/securityguidancefeedback/
• E-mail. Send e-mail to secguide@microsoft.com.

We are particularly interested in feedback regarding the following:

• Technical issues specific to recommendations
• Usefulness and usability issues

Technical Support

Technical support for the Microsoft products and technologies referenced in this guidance is provided by Microsoft Support Services. For product support information, see the Microsoft Support Web site at https://support.microsoft.com.

Community and Newsgroups

Community support is provided in the forums and newsgroups:

• MSDN Newsgroups: https://www.microsoft.com/communities/newsgroups/default.mspx
• ASP.NET Forums:http://forums.asp.net

To get the most benefit, find the newsgroup that corresponds to your technology or problem. For example, if you have a problem with ASP.NET security features, you would use the ASP.NET Security forum.

Test, Edit, and Release Team

• Test team: Larry Brader, Microsoft Corporation; Nadupalli Venkata Surya Sateesh, Sivanthapatham Shanmugasundaram, Infosys Technologies Ltd.
• Edit team: Nelly Delgado, Microsoft Corporation; Tina Burden McGrayne, TinaTech Inc.
• Release Management: Sanjeev Garg, Microsoft Corporation

Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.