Security Engineering Explained - Introduction

From Guidance Share


Note - patterns & practices Security Engineering is now live at

- J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Jason Taylor, Rudolph Araujo



This chapter summarizes the patterns & practices approach to security engineering. To design, build, and deploy secure applications, you must integrate security into your application development life cycle by including specific security-related activities in your current software engineering processes. Security-related activities include identifying security objectives; applying security design guidelines, patterns, and principles; conducting security architecture and design reviews; creating threat models; performing security code reviews; security testing; and conducting security deployment reviews. You can adopt these activities incrementally as you see fit. These security activities are integrated in MSF Agile, available with Visual Studio Team System. This combination provides tools, guidance, and workflow to help make security a seamless part of your development experience.


This guide describes an approach for integrating security into your software development life cycle. It describes the set of security activities that you should use to refine and extend your existing life cycle activities. This guide presents an overview of the approach and explains the main security engineering activities and how to adopt them. For further detailed guidance on each of the activities, see the Security Engineering Index at

This guide consists of the following chapters:

  • Chapter 1, “Security Engineering Approach,” summarizes the patterns & practices approach to security engineering and shows how the key security engineering activities fit into your software development life cycle.
  • Chapter 2, “Security Objectives,” summarizes the patterns & practices approach to security objectives by explaining what they are and why you should use them. Knowledge of your security objectives is essential to the success of all other security-related activities.
  • Chapter 3, “Security Design Guidelines,” summarizes the patterns & practices approach to security design guidelines. Adopting security design guidelines can help reduce your attack surface by addressing common vulnerabilities, allowing you to focus on the unique aspects of your design.
  • Chapter 4, “Threat Modeling,” summarizes the patterns & practices approach to threat modeling. Threat modeling is an engineering technique that you can use to help identify threats, attacks, vulnerabilities, and countermeasures that may be relevant to your application.
  • Chapter 5, “Security Architecture and Design Review,” summarizes the patterns & practices approach to security architecture and design review by explaining what it is and why you should use it. It also describes the key concepts behind the approach.
  • Chapter 6, “Security Code Review,” summarizes the patterns & practices approach to security code review. Security code review is an effective mechanism for uncovering security issues before testing or deployment begins. Performing code reviews helps you reduce the number of implementation errors in an application before it is deployed to a test team or to a customer.

  • Chapter 7, “Security Deployment Review,” summarizes the patterns & practices approach to security deployment review. A security deployment review is an activity that can be used to ensure that configuration and deployment problems are discovered before the application is in production.

Why We Wrote This Guide

We wrote this guide to accomplish the following:

  • To provide guidance on how to build software that meets your security objectives.
  • To help integrate security engineering throughout your application life cycle.
  • To explain key security-related activities such as threat modeling and to show you how to implement these approaches.

Features of the Guidance

To help maximize the value of this guidance, it provides the following features:

  • Life cycle approach. The guide provides end-to-end guidance on building software that meets your security objectives, throughout your application life cycle, to reduce risk and increase your return on software development costs.
  • Security frame. The guidance uses a security frame, which is a pattern-based information model that defines a set of security-related categories specifically for the application type you are designing. These categories represent the areas where security mistakes are most often made. Patterns & practices security guidance includes context-specific security frames for each major application type.
  • Principles and practices. These serve as the foundation for the guidance and provide a stable basis for recommendations. They also reflect successful approaches used in the field.
  • Processes and activities. The guidance provides steps for key activities including threat modeling, security architecture and design reviews, security code reviews and security deployment reviews. For simplification and tangible results, the life cycle is decomposed into activities with inputs, outputs, and steps. You can use the steps as a baseline or to help you evolve your own activities.
  • How Tos. The guidance includes a set of step-by-step procedures to help you implement key solutions from the guidance.
  • Modular. Each module within the guidance is designed to be read independently. You do not need to read the guidance from beginning to end to get the benefits, although you are encouraged to read Security Engineering Explained to understand the big picture.
  • Job aids. The guide provides a number of review activities, including a security architecture and design review, to help you evaluate the security implications of your architecture and design choices early in the life cycle. A security code review helps you spot potential security issues. Checklists that capture the key review elements are provided.
  • Subject matter expertise. The guidance exposes insight from various experts throughout Microsoft and from customers in the field.
  • Validation. The guidance is validated internally through testing. Also, extensive reviews have been performed by product, field, and product support teams. Externally, the guidance is validated through community participation and extensive customer feedback cycles.


This guide is valuable for anyone who cares about application security objectives. It is designed to be used by team members from many different disciplines, including business analysts, architects, developers, testers, security analysts, and administrators. The guidance is task-based, and is centered on key security activities that should be performed at the various stages of the application life cycle.

How To Use This Guidance

You can read this guide from beginning to end, or you can read specific chapters to learn more about specific security engineering activities. You can adopt the security engineering activities described in this guide in their entirety for your organization, or, if your software engineering processes do not include specific security activities, you can adopt activities incrementally. The activities you should adopt first will depend on the security objectives you have identified, as well as on any outstanding problems your process or application currently has.

Ways to Use the Guide

There are many ways to use this guidance. The following are some ideas:

  • Use it to learn about security engineering. Use the guide as an introduction and then use the companion Web-based resources at to learn more.
  • Incorporate security engineering into your application life cycle. Adopt the activities incrementally and incorporate them into your application life cycle.
  • Create training and promote security engineering within your organization. Create training from the concepts and activities described in this guide and use it to promote security engineering within your organization.

Applying Guidance to Your Role

This guide applies to the following roles:

  • Business analysts and the management team. Use techniques described in Chapter 2, “Security Objectives” to identify initial security objectives early in the life cycle.
  • Architects and lead developers. Use the principles and best-practice design guidelines in Chapter 3, “Security Design Guidelines,” to help architect and design systems capable of meeting security objectives. You can also use the threat modeling activity described in Chapter 4, “Threat Modeling” to help assess design choices before committing to a solution and you can use the review activity described in Chapter 5, “Security Architecture and Design Review” to review architectural and design decisions before costly mistakes are made.
  • Developers. Use the security code review techniques highlighted in Chapter 6, “Security Code Review” to analyze your code and identify security issues before your code is tested.
  • Administrators and operations staff. Use the deployment review techniques described in Chapter 7, “Security Deployment Review” to ensure that configuration errors do not introduce security vulnerabilities at application deployment time.


Provide feedback by using either a Wiki or e-mail:

  • E-mail. Send e-mail to

We are particularly interested in feedback regarding the following:

  • Technical issues specific to recommendations
  • Usefulness and usability issues

The Team That Brought You This Guide

This guide was produced by the following individuals:

  • J.D. Meier
  • Alex Mackman
  • Blaine Wastell
  • Prashant Bansode
  • Jason Taylor
  • Rudolph Araujo

Contributors and Reviewers

Many thanks to the following contributors and reviewers:

  • External Contributors and Reviewers: Anil John, Johns Hopkins University - Applied Physics Laboratory; Frank Heidt; Keith Brown, Pluralsight LLC; Mark Curphey, Foundstone Professional Services
  • Microsoft Services and PSS Contributors and Reviewers: Adam Semel, Denny Dayton, Gregor Noriskin, Kate Baroni, Tom Christian, Wade Mascia
  • Microsoft Product Group: Charlie Kaufman, Don Willits, Mike Downen, Rick
  • Microsoft IT Contributors and Reviewers: Akshay Aggarwal, Irfan Chaudhry, Shawn Veney, Talhah Mir

  • MSDN Contributors and Reviewers: Kent Sharkey
  • Microsoft EEG: Corey Ladas, James Waletzky


  • Test team: Larry Brader, Microsoft Corporation; Nadupalli Venkata Surya Sateesh, Sivanthapatham Shanmugasundaram, Infosys Technologies Ltd.

  • Edit team: Nelly Delgado, Microsoft Corporation; Sharon Smith, Linda Werner &


  • Release Management: Sanjeev Garg, Microsoft Corporation

Tell Us About Your Success

If this guide helps you, we would like to know. Tell us by writing a short summary of the problems you faced and how this guide helped you out. Submit your summary to


The patterns & practices approach to security engineering focuses on integrating security into your life cycle through the adoption of a limited set of key security activities. The specific activities that make up the security engineering discipline include defining security objectives, applying design guidelines for security, creating threat models, conducting architecture and design reviews for security, completing code reviews for security, and performing deployment reviews for security. This chapter introduced you to the Security Engineering Explained guide. Subsequent chapters in this guide explain each of the security engineering activities in more detail.

Additional Resources

For more information, see
