Security

Security

How to address threats, attacks, vulnerabilities, and countermeasures.

Threats, Attacks, Vulnerabilities, and Countermeasures

What’s the difference between software threats, attacks, and vulnerabilities?  While working on Improving Web Application security, we found a lot of confusion, so we...

Cloud Security Frame

Here is a draft of our Cloud Security Frame as part of our early exploration work for our patterns & practices Cloud Security Project. It’s a lens for looking at Cloud Security. The frame is simply a collection of Hot Spots. Each Hot Spot represents an actionable category for information. Using Hot Spots, you can quickly find pain and opportunities, or key decision points.

Security Hot Spots

Security Hot Spots are a lens for security. If you know what you're looking for, you can find it. When you don't know what you're looking for, you can waste a lot of time. The Hot Spots provide a way to find, organize and share software security knowledge. You can use hot spots to share principles, patterns, and practices. You can also use hot spots to share knowledge around threats, attacks, vulnerabilities, and countermeasures. Rather than deal with a laundry list of information, use hot spots to focus your attention on key categories. The Hot Spots are actionable and they are high ROI. The Hot Spots helps you simplify, clarify and gain insight before you elaborate, maximize and optimize.

Quality Attributes Frame

I found an organizing frame for quality attributes (security, performance, ... etc.) on SoftwareArchitectures.com and I think it's helpful.  They organize quality attributes by...

STRIDE Explained

STRIDE is an acronym to help you think about potential software security threats and attacks.  It helps you think evil (i.e. like an attacker.) ...