The Security Development Lifecycle
 
Showing 1-10 of 121 records
 

Introducing the InfoSec Assessment & Protection Suite

2009-11-19 16:48:19 by sdl in The Security Development Lifecycle
 
...Information Security Tools (IST) team has released the InfoSec Assessment & Protection (A&P) Suite. It's a suite made up of protection and assessment tools which include Web Protection Library (WPL) - an umbrella for several libraries and runtime modules including the Microsoft Anti-Cross Site Scripting Library v3.1 (Anti-XSS V3.1) and...
 
 
 
 
 

Announcing SDL for Agile Development Methodologies

2009-11-10 15:52:43 by sdl in The Security Development Lifecycle
...security, and that's simply not an acceptable solution. However, although none of these approaches solves the problem of adapting the SDL to Agile, that doesn't mean the task is impossible. Over the last year, a team of security professionals throughout the Trustworthy Computing Security and Online Services Security & Compliance teams (including...
 
 
 
 
 

SDL at TechEd Europe and Platforma

2009-11-05 18:42:08 by sdl in The Security Development Lifecycle
 
...Security for Agile Projects Monday 11/9 9:00-10:15, Berlin 1 Hall 7-3a. Platforma FF-206: The Microsoft Security Development Lifecycle Thursday 11/12 4:30-5:30, Red Congress-Hall. Hope to see you there
 
 
 
 
 

SIR Volume 7 Released

2009-11-04 13:44:54 by sdl in The Security Development Lifecycle
...Security Intelligence Report (SIR), which covers the first half of 2009. There are many interesting statistics in this report, but there's one that I'd like to draw particular attention to: the number of industry-wide reported vulnerabilities as broken down by OS vulns vs. browser vulns vs. application vulns. It is gratifying to see a sharp...
 
 
 
 
 

Ninjas are cool, but engineers build bridges

2009-10-23 15:39:28 by sdl in The Security Development Lifecycle
 
...information about our many approaches over the years. Today, we have one authoritative site at microsoft.com/sdl which presents the most current guidance. We no longer use attack trees. We're working hard to speak clearly. Is it working for you? Let us know what's not clear. Yes, there are a lot of books and what-have-you that can't be updated,...
 
 
 
 
 

MS09-050, SMBv2 and the SDL

2009-10-15 18:44:24 by sdl in The Security Development Lifecycle
 
...security vulnerability, I made a comment that I would continue to write these posts, but only for bugs that interested me. To be honest, all security bugs interest me, but this one really got me to sit up because it's in new code. For reference, the security update that fixes this is MS09-050, and the bug is CVE-2009-2532. What makes the bug of...
 
 
 
 
 

Cross-Domain Security

2009-10-12 23:48:20 by sdl in The Security Development Lifecycle
 
...Security Researcher at Adobe, has written a guest post for the BlueHat blog on potential security issues with cross-domain access permissions for web sites. I'd like to encourage you to read Peleus' post and also to expand on it a little to talk about the SDL requirements around cross-domain access. Normally, the Same Origin Policy prevents web...
 
 
 
 
 

Getting the Most for Your Security Investment

2009-10-05 23:39:54 by sdl in The Security Development Lifecycle
 
...security A few weeks ago, Microsoft and iSEC Partners published a joint whitepaper titled, Microsoft SDL: Return On Investment, and I'd like to highlight a contradiction the paper discusses between what return on investment numbers show and common industry practice. In many cases, we see companies spending most of their security budget on...
 
 
 
 
 

Known issue: Using MiniFuzz on Windows XP or Server2003

2009-09-25 18:37:22 by sdl in The Security Development Lifecycle
Michael Howard here with a quick update on MiniFuzz File Fuzzer. We have received sporadic reports that a few MiniFuzz users are encountering an issue when attempting to run MiniFuzz on Windows Server 2003 or Windows XP platforms. This is a known issue that results from some missing registry keys on Windows XP and Server 2003 that are present in...
 
 
 
 
 

New and Improved AntiXss 3.1, Now With Sanitization

2009-09-23 20:39:00 by sdl in The Security Development Lifecycle
 
...Information Security Tools team is including the HTML sanitization functionality in the new public version of AntiXss (version 3.1) and releasing the entire library under the Ms-PL open source license. Let's take a quick look at how this functionality works and when you might want to use it. When used correctly, output encoding is very...
 
 
 
 
 
 