Software development security check list

by Vahid 6. April 2009 17:11

Recently I have joined a new as a technical architect. The very first thing after getting to the domain was to evaluate the team's technical capabilities. So I went through some of their code and found some disasters. I can say that nothing is done regarding security. I still cannot believe what I have seen. But anyway, I shared a handy document about application security with them. I hope it will be helpful for them. So I thought of sharing the same document with you.

To build software that meets our security objectives, we must integrate security activities into our software development lifecycle. I used to use a very handy handbook about security checklists. This handbook captures and summarises the key security engineering activities that should be an integral part of your software development processes.

This handbook is a quick reference for developers that summarises the key security engineering activities that should be an integral part of software development processes. These security engineering activities have been developed by Microsoft patterns & practices to build on, refine and extend core lifecycle activities with a set of security-specific activities. This handbook provides a snapshot view of the steps necessary to perform each activity, references for additional reading about each activity, and a comprehensive set of security checklists that you can use as job aids while developing our software.

Audience

This handbook provides security activity guidance, checklists and question lists for application architects and software developers who want to improve the security of the applications that they develop. Software developers are the primary audience, but the security engineering activities that this handbook summarises are designed to be used by team members from many different disciplines, including business analysts, architects, developers, testers, security analysts and administrators.

The handbook is task-based and is centered on key security activities that you should perform at the various stages of the application lifecycle. The question lists and checklists in Part II of the handbook are job aids and quick reference sheets that software developers should use when designing and implementing solutions.

You can download the PDF version of the book from the following address:

