Key Points
by Donis Marshall and John Bruno
Solid Code: Optimizing the Software Development Life Cycle
- Solid Code: Optimizing the Software Development Life Cycle
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
- Recommendations for Solid Code
- Foreword
- Acknowledgements
- Introduction
- 1. Code Quality in an Agile World
- Traditional Methods of Software Development
- Agile Methods of Software Development
- Moving Quality Upstream
- Inside Microsoft: Windows Live Hotmail Engineering
- Tactics for Writing Solid Code
- Summary
- Key Points
- 2. Class Design and Prototyping
- 3. Metaprogramming
- 4. Performance Is a Feature
- Common Performance Challenges
- Analyzing Application Performance
- Tactics for Improving Web Application Performance
- Incorporating Performance Best Practices
- Inside Microsoft: Tackling Live Search Performance
- Summary
- Key Points
- 5. Designing for Scale
- Understanding Application Scalability
- Tactics for Scaling Web Applications
- Inside Microsoft: Managing the Windows Live Messenger Service Infrastructure
- Summary
- Key Points
- 6. Security Design and Implementation
- Common Application Security Threats
- Principles for Designing Secure Applications
- SD3+C Strategy and Practices for Secure Applications
- Secure by Design
- Implement Threat Modeling and Risk Mitigation Tactics
- Apply Best Practices to Application Design
- Apply .NET authentication and authorization mechanisms
- Encrypt sensitive data
- Assume external applications and code is insecure
- Design to fail, and fail securely
- Handle errors and exceptions securely
- Implement least privilege
- Implement privilege separation
- Sanitize input
- Validate security coding best practices with FxCop
- Incorporate security-focused code reviews
- Secure by Default
- Secure in Deployment and Communication
- Secure by Design
- Understanding .NET Framework Security Principles
- Additional Security Best Practices
- Summary
- Key Points
- 7. Managed Memory Model
- 8. Defensive Programming
- 9. Debugging
- 10. Code Analysis
- 11. Improving Engineering Processes
- 12. Attitude Is Everything
- A. Agile Development Resources
- B. Web Performance Resources
- About the Authors
- Index
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
Learn and understand common application security threats.
Apply security design principles within your application development team.
Establish a security process.
Incorporate defense-in-depth.
Apply the SD3+C strategy for secure applications.
Apply best practices for securing by design.
Apply .NET authentication and authorization mechanisms.
Encrypt sensitive data.
Assume external applications and code is insecure.
Design to fail, and fail securely.
Implement least privilege.
Implement privilege separation.
Sanitize input.
Validate security coding best practices with FxCop.
Incorporate security-focused code reviews.
Apply best practices for securing by default.
Install only necessary components by default.
Configure restrictive permissions by default.
Apply best practices for securing in deployment and communication.
Handle failures and errors securely.
Establish a support and bug remediation process.
Provide setup and configuration guidance to users.
Adhere to compliance requirements.
Involve users in the security dialog.
Establish a security response communication plan.
Understand and apply .NET Runtime Security Policies and Code Access Security.
Apply security-focused best practices in application testing processes.
Invest in protective infrastructure components.
-
No Comment