Arctec Group Articles and Resources

Architectural Services | Resources | Views | Contact Arctec Group

Arctec Group Articles

IEEE Security & Privacy Journal: Logging in the Age of Web Services

IEEE Security & Privacy Journal: Service-Oriented Security Indications for Use

Silver Bullet Security Interview with Gunnar Peterson

SANS Webcast: Security for Web Services and SOA

ebizQ Roundtable:SOA Security - The Real Deal or Much Ado About Nothing

Web Services Security Checklist

SOA Magazine Article: Security in SOA

Training: SOA, Web Services, and XML Security Training

OWASP Europe XML Security Gateway Evaluation Criteria Project

Security Architecture Blueprint - a strategic approach to enterprise security

IEEE S&P: A Metrics Framework to Drive Application Security Improvement by Elizabeth Nichols and Gunnar Peterson (March 2007)

Build Security In: Security Concepts, Challenges, and Design Considerations for Web Services Integration

IEEE Security & Privacy Journal: Defining Misuse in the Development Process by Gunnar Peterson (December 2006)

IEEE Security & Privacy Journal: Intro To Identity Management Risk Metrics by Gunnar Peterson (July 2006)

Pragmatic Speculation (...or, what the @#%# is a Technical Use Case?) by Patrick Christiansen (July 2006)

Top Ten Information Security Considerations in Use Case Modeling by Gunnar Peterson (June 2005)

The below articles were originally published in the Information Security Bulletin.

Service Oriented Security Architecture (January 2006)

Collaboration in a Secure Development Process (June 2004), by Gunnar Peterson: 3 part series on collaboration between security and development in the enterprise software development lifecycle.

Collaboration in a Secure Development Process Part 1: approaching security in the Analysis Phase
Collaboration in a Secure Development Process Part 2 : elaborating security in the Design Phase
Collaboration in a Secure Development Process Part 3 : security in the Coding and Deployment Phases

Component Security Design Considerations (May, June, July 2002)
By Gunnar Peterson, CTO, Arctec Group

Part 1 J2EE Security

Part 2 .Net Security

Part 3 Comparing J2EE and .Net Security

This series of articles examines key architectural design considerations for sec urity in Java 2 Enterprise Edition (J2EE) and Microsoft's .Net component framewo rk.
In order to view the articles, it is necessary to have Adobe Acrobat Reader. If you do not have this already, you can download it for free.

New

SOA, Web Services, & XML Security Training class

Arctec Briefings on Security in Software Development Lifecycle and Threat Modeling

Free Architectural Newsletter
Subscribe to Arctec Views, Arctec group's free monthly newsletter, for issues, essays, and news in the Enterprise Architecture space.

Presentations

SANS Webcast (May 05): Web Services Security: The Good, The Bad, and The Ugly

Secure By Design: Security in the Software Development Lifecycle Rational Unified Process (RUP) from Twin Cities Rational User's Group, April 2005

SOS: Service Oriented Security from OWASP Europe April 2005

Security in the Software Development Process
Download slides from Gunnar Peterson's presentation at Blackhat Windows 2004. Topics covered include security analysis, design, and architecture.

Security Design Patterns Presentation
Download slides from Gunnar Peterson's presentation at the BlackHat Federal 2003 conference. The talk covers Software Security Analysis and Design in the development lifecycle.

For information on BlackHat conference, visit BlackHat site.