Applying the Secure Development Lifecycle to the Windows Communicaiton Foundation
On the first day of TechEd 2006 I did a chalk talk on this subject. It being the first day and the first talk of the day there wasn't a huge response. The reason I did this chalk talk is because there were numerous teams within Microsoft as well as external customers who learned about the WCF process and were interested in further details. I also attached the slide-deck for this presentation. I hope it renders correctly as I did create it in Beta 2 and converted it to 2003.
This talk will describe how the Windows Communication
Foundation (Indigo) team applied the Trustworthy Computing Security Development
Lifecycle to the WCF infrastructure. I’ll elaborate on the processes we
followed for design reviews, threat modeling, and security testing. I’ll also
describe how these processes (and lessons) can apply to securing your WCF