Security

Security

How to address threats, attacks, vulnerabilities, and countermeasures.

Threats, Attacks, Vulnerabilities, and Countermeasures

What’s the difference between software threats, attacks, and vulnerabilities?  While working on Improving Web Application security, we found a lot of confusion, so we...

STRIDE Explained

STRIDE is an acronym to help you think about potential software security threats and attacks.  It helps you think evil (i.e. like an attacker.) ...

Quality Attributes Frame

I found an organizing frame for quality attributes (security, performance, ... etc.) on SoftwareArchitectures.com and I think it's helpful.  They organize quality attributes by...

Security Approaches That Don’t Work

Photo by CarbonNYC If it’s not broken, then don’t fix it ... The problem is, you may have an approach that isn’t working, or it’s not...

Visual Threats and Countermeasures

While working on patterns & practices Security guidance, I pushed the idea of "Visual Threats and Countermeasures."  I wanted a simple way to...