Paper 2

Research Paper: Microsoft Software Development Security

Overview

The purposes of this assignment is:

• To analyze and inspect main components of Microsoft SDLC (Secure Development Lifecycle Process).
• To describe and explain security features and essential security configuration of Microsoft .NET framework and ASP.NET.

Research

Please refer to following resources to complete this project:

• Textbook Chapter 26 and Chapter 29
• SDLC: https://www.microsoft.com/en-us/securityengineering/sdl/practices
• .NET: https://docs.microsoft.com/en-us/dotnet/standard/security/
• .NET:https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/DotNet_Security_Cheat_Sheet.md
• NET: https://support.microsoft.com/en-us/help/891028/asp-net-security-overview
• Other resources you find

Write

Part 1: Microsoft SDLC Practices

• Carefully review the Microsoft SDLC page.
• Prepare a 250-300 word overview of the Microsoft SDLC practices. Summarize all 12 of the practices in SDLC.
• Select one of the following practices. In one paragraph, research and summarize available tools in the market:
• Practice #4 – Threat modeling
• Practice #9 – Perform Static Analysis Security Testing (SAST)
• Practice #10 – Perform Dynamic Analysis Security Testing (DAST)
• Practice #11 – Perform Penetration Testing

Part 2: .NET Security Guidelines
Describe essential items in a.NET security guidelines in 150-200 words. Use the textbook, Microsoft .NET security page, OWASP GitHub page, and any other authoritative resources you find.
 
Part 3: ASP.NET Security Guidelines
Describe essential items in a ASP.NET security guidelines in 150-200 words. Use the textbook, Microsoft .NET security page, OWASP GitHub page, and any other authoritative resources you find.