patterns & practices: Security
Security Guidance for Applications Index|
This page provides an index of patterns & practices Security Guidance for applications. The resources include guides and books available on MSDN together with modular content of various types including scenarios and solutions, guidelines, explained, checklists, and How Tos.
Web Service Security Guidance|
Provides architectural, design, and implementation guidance for applying security to Web services by using Web Services Enhancements (WSE) 3.0 and the .NET Framework 2.0. Includes scenarios, patterns, decision matrices, and QuickStarts to help you make the most appropriate decisions based on your solution’s requirements.
Security Guidance for .NET Framework 2.0|
This page explains the rationale behind the patterns & practices Security Guidance for .NET Framework 2.0 project and provides an index into the guidance. You can use the guidance referenced on this page to improve both the security of your applications and your approach to building applications to meet your security objectives.
Security Engineering Index|
This page provides an index to available and emerging guidance for patterns & practices Security Engineering. To build secure applications, security engineering activities must be an integral part of your software development practices.
Threat Modeling Web Applications|
This guidance presents the patterns & practices approach to creating threat models for Web applications. Threat modeling is an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application.
Authentication in ASP.NET: .NET Security Guidance|
This document offers guidance to the application architect who is responsible for designing a security model for a Web-based application running on the .NET platform. The guide explains the relationship between IIS and ASP.NET from a security standpoint and describes the set of available authentication methods. It also contains procedures that can help you choose the most appropriate authentication method based on your particular application scenario.
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication|
This guide presents a practical, scenario-driven approach to designing and building secure ASP.NET applications for Windows 2000 and .NET Framework version 1.0. It focuses on the key elements of authentication, authorization, and secure communication within and across the tiers of distributed .NET Web applications.
Cryptography Application Block|
The Cryptography Application Block is a component of Enterprise Library which makes it easier to include cryptographic functionality in .NET applications. The block provides a simple interface to DPAPI, symmetric encryption and hashing, and uses the Enterprise Library configuration tool to simplify key management.
Designing Application-Managed Authorization|
This guide provides guidelines for designing and coding application-managed authorization for single or multi-tier applications that are based on Microsoft® .NET. It focuses on common authorization tasks and scenarios, and it provides information that helps you choose the best approaches and techniques. This guide is intended for architects and developers.
Improving Web Application Security: Threats and Countermeasures|
This guide gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. Whether you have existing applications or are building new ones, you can apply the guidance to help you make sure that your Web applications are hack-resilient.
Security Application Block|
The Security Application Block is a component of Enterprise Library that builds on the capabilities of the Microsoft .NET Framework to help you perform authentication, authorization, check role membership and access profile information.
Top of page
Related Developer Centers