Architecture and Design Review Process

The architecture and design review process analyzes the architecture and design from a security perspective. If you have just completed the design, the design documentation can help you with this process. Regardless of how comprehensive your design documentation is, you must be able to decompose your application and be able to identify key items, including trust boundaries, data flow, entry points, and privileged code. You must also know the physical deployment configuration of your application. Pay attention to the design approaches you have adopted for those areas that most commonly exhibit vulnerabilities. This guide refers to these as application vulnerability categories.

Consider the following aspects when you review the architecture and design of your application:

• Deployment and infrastructure . You review the design of your application in relation to the target deployment environment and the associated security policies. You also consider the restrictions imposed by the underlying infrastructure-layer security.

• Application architecture and design . You review the approach to critical areas in your application, including authentication, authorization, input validation, exception management, and other areas. You can use the application vulnerability categories as a roadmap and to ensure that you do not miss any key areas during the review.

• Tier-by- tier analysis . You walk through the logical tiers of your application and examine the security of ASP.NET Web pages and controls, Web services, serviced components , Microsoft .NET Remoting, data access code, and others.

Figure 5.1 shows this three-pronged approach to the review process.

Figure 5.1: Application review

The remainder of this chapter presents the key considerations and questions to ask during the review process for each of these distinct areas.