公告

最新评论

  • Re:非常炫的HTML编辑器:ComponentArt Editor for ASP.NET
  • xuexihtml
  • -001
  • Re:非非.Net代码生成器
  • -杨
  • Re:ReSharper
  • I've figured out a lot of important matters by way of your current write-up. I will love to talk about that could be a circumstance in which you will certainly apply for a mortgage and never require a co-signer say for example a Regime Pupil Help Personal loan. Nonetheless in case you are getting this college loan via a typical lender then you definitely have to be made willing to have a co-signer willing to enable you to. Lenders can easily bottom part their own individual selection on the handful of factors even so the most critical will probably be your credit worthiness. There are numerous creditors that can additionally examine work background choose determined by that will playing with nearly all situations it will depend upon your current review.
    coque iphone 8 https://www.anten.fr/
  • -vvsvul@gmail.com
  • Re:FCKeditor
  • 32
  • -321
  • Re:DW版在线编辑器
  • 制作网页
  • -樱桃

统计信息

资源数: 167
评论数: 79
访问次数: 2071068
建立时间: 2012-09-09

Microsoft Threat Analysis & Modeling


资源分类:代码审查工具    更新日期:12/5/2007

主页:http://msdn2.microsoft.com/en-us/security/aa570413.aspx  

语言:英文  授权形式:免费

作为程序员,您一定不会忘记安全性检查,而微软为.net程序员们请了一个好助手,Microsoft Threat Analysis & Modeling tool 可以帮助您尽早发现.net程序里出现的问题,它可以找出以下类型的问题:
- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports
Microsoft Threat Analysis & Modeling tool 里面预定了攻击库(pre-defined attack library),包括SQL、XML、HTTP、网络协议、SOAP等各种技术所面临的特定威胁已经包含在里面。例如,如果你在定义系统组件时,指定你的系统是基于Web的系统,而且里面有数据库查询,那一定会面临SQL注入式攻击。
当你定义了所有要素之后,Microsoft Threat Analysis & Modeling v2.0 将会产生数据访问控制矩阵,组件访问控制矩阵、受攻击的区域、信任流、调用流程、数据流程等信息,同时将会针对特定的项目团队中的角色(如系统分析、设计、开发、测试、运行维护等)分别提供不同的报表,以帮助他们关注各身需要解决的重点安全问题。

下载:Microsoft Threat Analysis & Modeling v2.1.2

评论

标题

 

姓名

 

主页

内容(请不要发布任何违反国家相关法律、违背社会伦理道德的内容)

 

验证码:  

© 2020 CodeUsing.com All Rights Reserved.   蒙ICP备12002817号-1