One of the key things that developers can do to help secure their systems is to write code that can withstand attack and use security features properly. If you are one of those developers who are interested in understanding how to write secure code, i would suggest you go through the following MSDN article containing links to best practices and how-to articles on writing secure code.
Article – Writing Secure Code
Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:
- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports
