, Microsoft, Security Development Life Cycle (SDLC). SDLC , . SDLC . 2
. 2. Security Development Life Cycle (SDLC).
, SDLC. , (, , ), , " ", .
.
, .
security testing, fuzzy testing (fuzzing) , IP- .
(security buddies), .
Microsoft , , , .
() SD3C :
Secure in Design ; ; ;
Secure by Default ;
Secure in Deployment ;
Communication , ; .
(STRIDE)
STRIDE Microsoft :
Spoofing .: , "" ; , , .
Tampering ; , .
Repudiation , , , . repudiation-, (logging) , . , , ( ).
Information disclosure ; : .
Denial of service ; , , -.
Elevation of privilege ( ). : .
DREAD :
Damage , .
Reproducibility : ().
Exploitability : (); (), .
Affected users .
Discoverability .
.
, .
(audit log) , . .
"" . , ( - ).
:
,
( )
: .
(firewall) . "" " " , . . . , .
. 3
. 3. .
Windows , . Windows.
, , , "" IP-.