We have produced a Security Patterns Repository consisting of 26 patterns and 3 mini-patterns. (A mini-pattern is a shorter, less formal discussion of security expertise in terms of just a problem and its solution.) We focused on the domain of Web application security to bound the scope of the problems that our patterns address. We also constructed a worked example system using some of our security patterns to help validate the approach; this example system was a patterns repository to present our security patterns, spur discussion, and collect feedback. Unfortunately, we have been unable to maintain the patterns repository application, so please disregard all references to the repository at www.securitypatterns.com in the documents below.
