More Powerful Security Tool
I was blogging lately about security tools (see Most Powerful Security Tool). For some reason there is a perception that security tools are about scanning, intercepting, cracking, and tampering - in other words, something reactive.
To me, a security tool is something that supports Security Engineering as a whole and can be anything from document templates to simple checklists. But my favorite is of course Guidance Explorer (see patterns&practices Guidance Explorer), which constantly gets updates (see He Who Doesn't Ask - Just Doesn't Get). Today it contains about 1000 prescriptive items for security and performance.
I've used it for the following scenarios:
- Create high-level security principles documents (yeah! it generates Word documents - see picture below). They are suitable for adding to RFPs or for PDRs (preliminary design reviews).
- Create detailed prescriptive guidance for a specific project. When you are to assess the team for security - they hate you, but if you proactively guide them - they love you.
- Create custom views so you can generate your own sets of prescription items - say for AJAX.
- Well, it does not have AJAX items yet, but you can create your own items.
Enjoy
