Enterprise Library Test Guide - Willy .Net

Establishing the Security Requirements

The security requirements for the Enterprise Library focus on maintaining the confidentiality of the data, the integrity of the data, and the availability of the application blocks. In general, maintaining availability meant preventing denial of service attacks. Here are the Enterprise Library security requirements:

● Ensure that an attacker cannot read confidential information, such as a connection string, in the configuration files.
● Ensure that an attacker cannot read confidential information in the log message repositories, such as a database, event log, or flat file.
● Ensure that an attacker cannot alter information in the log message repositories.
● Ensure that an attacker cannot tamper with the configuration files.
● Ensure that an attacker cannot tamper with or replace the assemblies.
● Ensure that an attacker cannot launch denial of service attacks.

These requirements form the basis for the rest of the security review. Making these general requirements more specific requires a thorough understanding of how the application block works.

Analyzing the Logging Application Block

Analyzing the Logging Application Block means identifying its assets, dependencies, and subsystems. Use the security requirements as a guideline for identifying the relevant components. It is also important to identify the underlying assumptions about security that were made when the application block was first designed.

To analyze the application block, you should:

● Identify the assets.
● Create an architectural drawing.
● Identify the entry points.
● Identify the relevant classes.
● Identify the external dependencies.
● Identify the assumptions.
● Identify any other information that might affect the application block's security.

Identifying the Assets

Assets are resources that need to be protected from an attack. Table 1 lists the Logging Application Block's assets.