Re: Security Patterns - Military Models

[Ivan Ristic <ivanr () webkreator com>]

Mark Curphey wrote:
> I was introduced to this by some of my Foundstone work colleagues a few
> weeks ago and I think it's very cool indeed, so thought I would share it. 
>
> http://www.joeyoder.com/papers/patterns/Security/appsec.doc
>
> We teach it as a lab as part of a Building Secure Software training class
> and its very interesting to see how people relate to real-world scenarios
> with application architectures.
>
> Anyone else have any other gems ?

  Sure:

  Security Design Patterns from the Open Group:
  http://www.opengroup.org/publications/catalog/g031.htm
  (13 patterns, 102 pages)

  And the content that used to exist on securitypatterns.com
  and patterns.nailabs.com:

http://www.modsecurity.org/archive/securitypatterns/dmdj_repository.pdf
http://www.modsecurity.org/archive/securitypatterns/dmdj_final_report.pdf
http://www.modsecurity.org/archive/securitypatterns/dmdj_template_and_tutorial.pdf
  (29 patterns, >200 pages)

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]