Introduction


Today, almost all systems are connected, and the security of an application is more important than in the past. According to Gartner, the trend of attacks has changed from networks and infrastructure to applications. To develop secure applications, we need to change the way we think about security. We must create awareness in our development team (or in our organization), train team members in security concerns, tailor security into the development life cycle, model threats, review application parts to find security vulnerabilities, use experts for penetration tests, provide an infrastructure for delivering security patches to users as soon as possible, and so on.

By using proper tools for developing and deploying secure applications, we ensure that modeling, reviewing, and analyzing the security aspects of the application is more structured, accurate, and fast. But which types of security tools do we need?


Sample Scenario

Suppose you are developing a software application that will be deployed on a server. The following figure depicts the scenario:

 

 

Types of Security Tools

The following are the types of security tools that a developer needs to model, develop, and deploy software solutions:
 

  • Development Tools
    • Threat Modeling Tools
    • Security Guidelines Analyzer Tools 
    • Vulnerability Code Analyzer Tools
  • Deployment Tools
    • Signing Tools
    • Obfuscator Tools
    • Configuration Analyzer Tools
    • Secure Auto-Update Tools 
    • Application Firewall Tools
  • Penetration Tools
    • Resource Enumerator Tools
    • Vulnerability Scanner Tools
       
       

Security Tools Usage in Sample Scenario

 

 


Architectural AntiPatterns

28 Aug 2010 In: Anti-Pattern, Architecture

Two weeks ago, my friend Yusef Mehrdad asked me about a good reference on architectural anti-patterns, and here is my answer:

  • I haven't seen any centralized source for Architecture Anti-Patterns.
  • Based on the architectural style that you choose for your project, you can find some bad practices (anti-patterns). For example, the following link is about using Replication as an anti-pattern in Service Oriented Architecture:

                    http://msdn.microsoft.com/en-us/library/bb245678.aspx

  • About 5 years ago, when I was preparing my course about software architecture, I found the following post to be a good starting point:

                    http://www.theserverside.net/news/thread.tss?thread_id=27414 

  • If you google the web, you can find some interesting materials about Architectural Anti-Patterns, but most of this content is mixed up with Design Anti-Patterns, lessons learned and so on. For example, "Reinvent the Wheel" is one of the anti-patterns mentioned in the following source. But I think it is just the opposite of one of the popular best practices ("Do not Reinvent the Wheel") that can be applied to programming, design and architecture, and it is not a specific architectural anti-pattern:

                    http://sourcemaking.com/antipatterns/software-architecture-antipatterns

                    and also this :

                     http://www.antipatterns.com/arch_cat.htm

  • If you are interested in anti-patterns in software development in general, the following source is a good one:
AntiPatterns: Refactoring Software, Architectures, and Projects in Crisis

About this blog

Blogging some thoughts about technical issues in the following area : Application Architecture, IT Governance, Security, Performance, Patterns and so on.