
Saturday, November 15, 2003

Threat Modeling

Threat modeling has become one of the top security analysis methodologies that Microsoft’s developers use to identify risks and make better design, coding, and testing decisions. This book provides a clear, concise explanation of the threat-modeling process, describing a structured approach you can use to assess the security vulnerabilities for any application, regardless of platform. Software designers and developers discover how to use threat modeling during the specification phase of a new project or a major revision—from verifying application architecture to identifying and evaluating threats and designing countermeasures. Test engineers discover how to apply threat-modeling principles when creating test plans to verify results. It’s the essential, high-level reference for software professionals responsible for designing, refining, and maximizing the security features in their application architecture.

Web Application Security Assessment

Examine Microsoft’s structured methodology for reviewing Web applications for security bugs—from design to deployment—and apply proven practices and code to your own development efforts. Now you can benefit from the many lessons Microsoft has learned about testing Web applications for security bugs. A must-have reference for every Web developer and tester, this book presents a comprehensive, structured methodology for identifying and addressing the most common, real-world security issues for Web applications throughout the development process. Written by the principal, front-line Web security assessment team at Microsoft, this guide walks you through each of the critical stages for effective security testing, including designing for and assessing security features; identifying security vulnerabilities and executing the assessment; and enhancing infrastructure security before application deployment, including best practices for locking down Microsoft® Windows Server™ 2003, Microsoft Internet Information Services (IIS), and Microsoft SQL Server. Get the entire book’s sample code via the Web—and easily apply this expert author team’s techniques and tools to your own programs.

UPDATE: Books are now shipping

[Now Playing: Mujhko Huyi Na Kabar (Le Gayi) - Dil To Pagal Hai]

Tags: Security
11/15/2003 9:16 PM Eastern Standard Time
Sunday, May 8, 2005 12:06:55 AM (Eastern Daylight Time, UTC-04:00)
The above link for "Web Application Security Assessment" is lost, isn't it?