I'm reading this book called 'Software Engineering with Visual Studio Team System' by Sam Guckenheimer. To say the least, it's not letting me sleep. The book looks tiny but is humongous in its content, specifically on application lifecycle management automation through VSTS. VSTS is the best thing to happen to MS technology developers in a long time. The best part is how the book guides you through Agile methodologies and CMMI practices using VSTS.
The thing that really caught my attention was security testing through VSTS. Sam talks about using a fault model based on vulnerabilities observed on other systems, and a series of attacks that try to exploit those vulnerabilities. He also gives references to published attack patterns, which help in identifying the vast majority of vulnerabilities. His references include James A. Whittaker and Herbert H. Thompson's book 'How to Break Software Security: Effective Techniques for Security Testing' (Boston: Addison-Wesley, 2004), which has around 19 attack patterns that are standard approaches to hacking systems.
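To make the fault-model idea concrete, here is an added example (my own illustration, not code from the book or from VSTS) of how such a test harness is structured: a catalogue of input-handling fault classes, each paired with constructed probe inputs, is run against a function under test, and every fault class the function accepts (or crashes on) is reported as a finding. The two validators, `naive_filename_check` and `hardened_filename_check`, and the fault classes in `FAULT_MODEL` are hypothetical stand-ins chosen for the demonstration.

```python
"""Fault-model-driven security test harness (added example).

A fault model is a catalogue of input conditions that have caused
vulnerabilities in other software. Each fault class is paired with probe
inputs that represent it; the harness feeds the probes to the function
under test and reports the fault classes it fails to handle.
"""
from dataclasses import dataclass
from typing import Callable, List


@dataclass
class FaultClass:
    name: str          # the vulnerability class this probe models
    probes: List[str]  # constructed inputs that represent it


# Constructed fault model: generic input-handling fault classes.
# Probes are hypothetical sample values, not taken from any real system.
FAULT_MODEL = [
    FaultClass("empty input", [""]),
    FaultClass("oversized input", ["A" * 10_000 + ".txt"]),
    FaultClass("embedded NUL", ["report\x00.txt"]),
    FaultClass("path separators", ["../notes.txt", "dir\\notes.txt"]),
    FaultClass("control characters", ["name\r\n.txt", "\t.txt"]),
]


def naive_filename_check(name: str) -> bool:
    """Hypothetical test subject: accepts anything with the expected extension."""
    return name.endswith(".txt")


def hardened_filename_check(name: str, max_len: int = 255) -> bool:
    """Hypothetical hardened validator: length bound plus a character whitelist."""
    if not name or len(name) > max_len or not name.endswith(".txt"):
        return False
    allowed = set(
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_."
    )
    return all(ch in allowed for ch in name) and ".." not in name


def run_fault_model(validator: Callable[[str], bool]) -> List[str]:
    """Return the names of fault classes the validator fails to reject.

    A probe is a finding when the validator accepts it or raises: an
    accepted malformed input means the modelled attack got through, and
    an unhandled exception is itself a defect worth recording.
    """
    findings = []
    for fault in FAULT_MODEL:
        for probe in fault.probes:
            try:
                accepted = validator(probe)
            except Exception:
                accepted = True
            if accepted:
                findings.append(fault.name)
                break  # one failing probe is enough to flag the class
    return findings


if __name__ == "__main__":
    for check in (naive_filename_check, hardened_filename_check):
        print(f"{check.__name__}: unhandled fault classes = {run_fault_model(check)}")
```

The value of the approach is that the fault model, not the individual test, is the reusable asset: when a new vulnerability class is observed elsewhere, it is added to `FAULT_MODEL` once and every validator in the suite is re-tested against it.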
Now, there's a lot of material on security from Microsoft, for instance the Trustworthy Computing initiative, SD3 and SDL, security best practices, etc.
I'm wondering if there is an SDL approach inside Visual Studio Team System (maybe as part of ALM). What an invaluable feature it would be!