微软研发探秘系列课程(3)：卓越项目经理

MicrosoftDevelopersProduction-QualityCodingAftercompletingthismodule,youwillbeableto:–Improvethequalityofthecodeyouwrite–Improvereliabilityandperformanceofyourcode–Alwayswriteinternational-awarecode–Codedefensively–Usestaticanalysistools–LeverageWatsonandSQMinyourapplication–CodewithasecuritymindsetObjectivesAgenda•Performance•Reliability•SecurityCodeforperformance•Incorporateperformanceworkearlyon•Tunehotspots•Usetechnologycorrectly•Designandcodeforscalabilityasnecessary•BuildoptimizedBasicBlockTechnologyandRebasePerformancetuning•Whenascenarioisnotfastenough–Profileit–Getacompleteunderstandingofthebottleneck–Designandimplementanimprovement–Profileitagaintoseeimpact•AccountforuserperceptionofperformancepriortospendingtimetuningTunehotspots•Beawareofcommonusagescenarios•Optimizehotpaths(5%ofcodeupto90%oftime)•Knowwhichoperationshappenfrequently•Pickadatastructurethatbestfitstherequirements–Donotusealistwhereanarraywilldo–Donotusealistwhereabinarytreeisneeded•Watchformemoryandresourceallocationsgonewild•Synchronousvs.asynchronousnetworkcalls•Cacheyourdata•Initializelazilywherepossible–“PayforPlay”conservesCPUaswellasmemory•DLLfactoring(fewerlargerassemblies)–Fixedcostforeveryassemblyload•Don’tcreategratuitousthreads–usetheCLR’sThreadpoolAgenda•Performance•Reliability•SecurityReliabilitythroughtheuseofdefensiveprogramming•Codingversusengineering:What’sthedifference?–Codingdefensivelytocatchproblemsearly–Engineeringforreliabilitytoavoidproblems•Howtoengineer?Designandwritecodethat:–Haswell-definedexpectations–Verifiesexpectations–Haswell-definedresults–Ensurestherightresults–FailsinpredictablewaysDefensiveprogrammingpracticesWhataresomedefensiveprogrammingpractices?•Useassertstovalidateparameters•Checkallreturnvalues•Validateinput•Handleexceptionsproperly•UsetracingtotrackdownissuesReliabilitythroughtheuseofstaticanalysistools•PoliCheck•PREfix•PREfast•PREsharp•FxCop•APIscan•OACR•SAL•Spec#Agenda•Performance•Reliability•SecurityTheDeveloperRoleinApplicationSecurity作为一个开发人员在系统安全的责任•Developersmust:开发者必须：–Workwithsolutionarchitectsandsystemsadministratorstoensureapplicationsecurity与架构师和系统管理员一起商讨系统的安全性问题–Contributetosecurityby:会给系统安全带来的好处•Adoptinggoodapplicationsecuritydevelopmentpractices•采用开发安全应用的一些策略•Knowingwheresecurityissuesoccurandhowtoavoidthem•知道安全问题会发生在什么地方以及如何避免•Usingsecureprogrammingtechniques•提高编写安全代码的技巧SecureApplicationDevelopmentPractices开发安全应用的实践•TheImportanceofApplicationSecurity应用系统安全的重要性•SecureApplicationDevelopmentPractices开发安全的系统的实践•SecurityTechnologies可用的安全技术•SecureDevelopmentGuidelines开发安全应用的指导HolisticApproachtoSecurity安全的整体性考虑•Securitymustbeconsideredat:安全必须在以下的几个方面入手–Allstagesofaproject工程的各个阶段•Design设计•Development开发•Deployment部署–Alllayers各个不同的层面•Network网络环境•Host服务器环境‘•Application应用系统环境–Spend10to15percentofdevelopmenteffortonsecurity开发过程10%-15%的精力要投入到安全方面“Securityisonlyasgoodastheweakestlink”安全只不过是最薄弱的一个环节SecurityThroughoutProjectLifecycle项目生命周期各个环节的安全问题Concept概念DesignsComplete设计完成TestPlansComplete测试计划完毕CodeComplete编码完毕Ship发布Post-Ship发布之后（维护）Securityquestionsduringinterviews面试期间的安全问题Securityquestionsduringinterviews面试期间的安全问题Analyzethreats分析威胁Analyzethreats分析威胁Determinesecuritysign-offCriteria设置安全标准Determinesecuritysign-offCriteria设置安全标准Externalreview外部审查Externalreview外部审查Securitypush安全运动Securitypush安全运动LearnandRefine认识并改进LearnandRefine认识并改进TrainteamMembers教育TrainteamMembers教育Securityteamreview安全小组审查Securityteamreview安全小组审查Datamutationandleastprivilegetests数据变化和最小特权测试Datamutationandleastprivilegetests数据变化和最小特权测试Reviewolddefects,check-inscheckedsecurecodingguidelines,usetools设查旧的缺陷，签字确认，安全编码准则Reviewolddefects,check-inscheckedsecurecodingguidelines,usetools设查旧的缺陷，签字确认，安全编码准则=ongoing不断进行TheSD3SecurityFrameworkSD3安全框架SD3Securearchitectureandcode架构和代码安全Threatanalysis威胁分析Securityissuereduction安全问题的减少Securearchitectureandcode架构和代码安全Threatanalysis威胁分析Securityissuereduction安全问题的减少SecurebyDesign设计安全Protection:Detection,defense,recovery,management保护措施：探测，防御，恢复，管理Process:How-toguides,architectureguides方法：如何去引导，架构指导People:Training人员：培训Protection:Detection,defense,recovery,management保护措施：探测，防御，恢复，管理Process:How-toguides,architectureguides方法：如何去引导，架构指导People:Training人员：培训SecureinDeployment部署安全Attacksurfaceareareduced缩小攻击面Unusedfeaturesturnedoffbydefault采用安全的默认设置Minimumprivilegesused使用最小的权限Attacksurfaceareareduced缩小攻击面Unusedfeaturesturnedoffbydefault采用安全的默认设置Minimumprivilegesused使用最小的权限SecurebyDefault默认安全ThreatModeling威胁建模•Threatmodelingis:–Asecurity-basedanalysisofanapplication对于应用程序的安全分析–Acrucialpartofthedesignprocess设计过程中至关重要的环节•Threatmodeling:–Reducesthecostofsecuringanapplication减少应用程序的安全隐患–Providesalogical,efficientprocess规定一个合理有效的流程–Helpsthedevelopmentteam:帮助开发组•Identifywheretheapplicationismostsusceptible•帮助分析判断系统最容易受到攻击的环节•Determinewhichthreatsrequiremitigationandhowtoaddress•thosethreats•决定如何降低被攻击的风险和如何定位攻击OngoingEducation不断的学习•Providetrainingabout:预防攻击需要学习的东西–Howsecurityfeatureswork安全策略是怎样工作的–Howtousethesecurityfeaturestobuildsecuresystems怎样应用安全策略构建安全系统–Whatsecurityissueslooklikeinordertoidentifyfla