WebApp Sec mailing list archives
RE: Security Patterns - Military Models
From: "Mark Curphey" <mark () curphey com>
Date: Fri, 23 Jul 2004 17:00:27 -0400
Thanks Herman. Excellent stuff. I am looking forward to getting my hands on this book as well. http://www.coresecuritypatterns.com The poster alone is a great reference. http://home.comcast.net/~nramesh/poster.pdf Sasha Romanoskys stuff is also excellent IMHO. Actually everything I read of his (her?) is superb. -----Original Message----- From: Herman Stevens [mailto:herman.stevens () ubizen com] Sent: Friday, July 23, 2004 7:15 AM To: webappsec () securityfocus com Subject: Re: Security Patterns - Military Models Some more higher level security patterns (Authoritative Source of Data, Risk Assessment and Management, Enterprise Partner Communication, Security Provider, Layered Security, ...) and some good pointers can be found on http://www.romanosky.net/papers. Another good starting point is http://www.securitypatterns.org. Mark Curphey wrote:
I was introduced to this by some of my Foundstone work colleagues a few weeks ago and I think it's very cool indeed, so thought I would share
it.
http://www.joeyoder.com/papers/patterns/Security/appsec.doc We teach it as a lab as part of a Building Secure Software training class and its very interesting to see how people relate to real-world scenarios with application architectures. Anyone else have any other gems ?
Current thread:
- Security Patterns - Military Models Mark Curphey (Jul 22)
- Re: Security Patterns - Military Models Peter Conrad (Jul 23)
- Re: Security Patterns - Military Models Herman Stevens (Jul 23)
- RE: Security Patterns - Military Models Mark Curphey (Jul 23)
- RE: Security Patterns - Military Models Mark Curphey (Jul 23)
- Re: Security Patterns - Military Models Ivan Ristic (Jul 25)