WebApp Sec mailing list archives

RE: Security Patterns - Military Models


From: "Mark Curphey" <mark () curphey com>
Date: Fri, 23 Jul 2004 17:00:27 -0400

Thanks Herman. Excellent stuff. I am looking forward to getting my hands on
this book as well. 

http://www.coresecuritypatterns.com 

The poster alone is a great reference. 

http://home.comcast.net/~nramesh/poster.pdf

Sasha Romanosky's stuff is also excellent IMHO. Actually everything I read of
his (her?) is superb.

-----Original Message-----
From: Herman Stevens [mailto:herman.stevens () ubizen com] 
Sent: Friday, July 23, 2004 7:15 AM
To: webappsec () securityfocus com
Subject: Re: Security Patterns - Military Models

Some more higher-level security patterns (Authoritative Source of Data, Risk
Assessment and Management, Enterprise Partner Communication, Security
Provider, Layered Security, ...) and some good pointers can be found on
http://www.romanosky.net/papers.

Another good starting point is http://www.securitypatterns.org.

Mark Curphey wrote:

I was introduced to this by some of my Foundstone work colleagues a 
few weeks ago and I think it's very cool indeed, so thought I would share
it.

http://www.joeyoder.com/papers/patterns/Security/appsec.doc

We teach it as a lab as part of a Building Secure Software training 
class and it's very interesting to see how people relate to real-world 
scenarios with application architectures.

Anyone else have any other gems?


