A Wiki to act as a community knowledge base for software security.
Threat Modeling – Security Design Guidelines – Security Design Inspection – Security Code Inspection – Security Deployment Inspection
Threats – Attacks – Vulnerabilities – Countermeasures
Authentication – Authorization – Auditing and Logging – Client Side Validation – Communications Security – Configuration Management – Cryptography – Exception Management – Input and Data Validation – Sensitive Data – Session Management
Authentication, Authorization and Trust – Cryptography and Secrets – Environmental Problems – Input Validation – Logic Errors – Memory – Misuse of Language Features – Range – Type – Synchronization and Timing
Attack Patterns – Design Patterns – Implementation Patterns – Vulnerability Patterns
Principles – Patterns – Guidelines – Checklists – Review Questions – Test Cases