SI Secure


Content

TeamMentor™ provides a wealth of security guidance encapsulated in a specific collection of assets, each of which speaks to a specific problem and provides unique guidance and/or knowledge. TeamMentor’s assets are updated regularly, with new items being added and existing ones revised to account for changes in the threat landscape or development technology. As needs arise, new asset classes may be added to the knowledge base and provide solutions to other problems that show up down the road.

The secure development assets include:

ACTIVITY PATTERNS
  Activity patterns are concise methods for common security engineering activities, such as code review, threat modeling, attacks, etc. TeamMentor presents Activity Patterns by defining the context to which the pattern applies, the problem that the pattern relates to, the forces or motivation driving the activity, and the actual solution/method for executing on the pattern. Activity patterns show users how to perform the key activities needed to develop secure applications.
ANTI-PATTERNS
  Anti-patterns are classes of commonly reinvented bad solutions in software development that lead to security vulnerabilities. TeamMentor presents anti-patterns by defining the context where the pattern occurs, one or more examples of a flawed solution with references, symptoms and consequences of the pattern, a proper solution with benefits, and finally a list of any known liabilities coincident with the proper solution. Anti-patterns provide users with the knowledge they need to do things right by showing them, in unambiguous terms, how to do it wrong.
 
CHECKLISTS
  Checklists are detailed collections of steps used to verify design, implementation or deployment of a feature or function in an application. TeamMentor presents checklists by defining the context in terms of the type of functionality or environment the checklist applies to, what to look for and why the process is important. Next, the checklist tells the user how to check the item and how to fix common problems that may be encountered, along with appropriate problem and solution code examples. Checklists provide development teams with the tools they need to ensure that appropriate measures were taken to develop securely and that nothing was missed in the process.
 
CODE EXAMPLES   
  TeamMentor provides standalone code examples of key common functionality that users can cut and paste into their own applications. Code samples may be complete, secure systems or snippets that outline the key concepts needed for secure implementation.
 
DESIGN PATTERNS   
  Design Patterns are proven solutions for common problems in software design. TeamMentor presents design patterns by defining the context of the pattern, the problem it solves, the forces and motivations driving its use, and the complete solution. Design patterns show developers what good design looks like and provide an appropriate context for developing their own secure applications.
 
FAQS   
  FAQs are frequently asked questions in a specific secure application development or technology area. TeamMentor presents FAQs as individual items, each containing a single Question and Answer for a specific problem in a specific environment. FAQs are generally answers to well-known problems, and TeamMentor provides an authoritative source for the answer.
 
GUIDELINES
  Guidelines are outlines for developing secure code in a specific development environment, why it's important and how to do it. TeamMentor presents guidelines by defining the what, why and when, followed by detailed instructions on how to implement with appropriate problem and solution examples. Guidelines allow developers to recognize problem areas and understand the best way(s) to address them.
 
HOW TO   
  How To’s are step-by-step guides that lead to successful completion of a security-related development task. TeamMentor presents How To’s in the manner most appropriate to the technology area and provides complete guidance for implementation and/or use of specific functionality or resource usage. How To’s reduce the amount of time users need to spend figuring out how to do something by providing the answers up front and just in time.
 
PRINCIPLES
  Principles are the fundamental laws that underlie the guidelines and other guidance types presented by TeamMentor. TeamMentor presents principles as granular items that describe the issue, its impact, potential vulnerabilities and countermeasures. Principles provide global context to users and ground security issues in reality for them.
 
TEST CASES
  Test Cases are specialized How To documents that walk users through the steps necessary to test for common vulnerabilities. TeamMentor presents Test Cases as collections of manual tests and techniques to uncover common problems. They include the environment the test applies to, a summary of the test case and finally the test itself with appropriate variables, values, inputs, expected results and other key instructions. Test Cases enable users to perform focused security testing that they would normally not be equipped to execute, and to uncover vulnerabilities before applications go into general use.

 
