SEARCH RESULTS
 
Showing 1-10 of 17 records
 

Don't Try This At Home

2007-11-05 21:52:28 by sdl in The Security Development Lifecycle
 
...mitigations is hard, and why we suggest treading carefully if you need to go there Let me first explain what I mean by mitigations because apparently there's some confusion. We have folks here at Microsoft who call things like the /GS compiler flags "mitigations." When I talk about mitigations in a threat modeling context, I mean things that...

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...mitigations Now, let's turn to the Source Code Review of the Hart InterCivic Voting System. I'll try to keep my commentary balanced by selecting two examples here as well From the executive summary Unsecured network interfaces Voters can connect to unsecured network links in a polling place to subvert eSlates, as well as to eavesdrop on cast...

Making Threat Modeling Work Better

2007-10-17 00:23:53 by sdl in The Security Development Lifecycle
...mitigations, new mitigations, and risk acceptance. We have training on mitigating threats, we have explanation of why and when to use each (and they're presented in a preferred order) Lastly, we provide advice about how to validate the threat model and its relation to reality Between these four steps and the hamster wheel which ties them...

The New Threat Modeling Process

2007-10-02 01:15:35 by sdl in The Security Development Lifecycle
...mitigations, such as those provided by OS features, to mitigate threats c. Invent new mitigations, understanding that this is a subtle art d. Accept risk, when allowed by the SDL 5. Validate There are two levels of validation. The first is within each stage, the second is a validation pass at the end of the process. That end of process...

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...mitigations to those threats, and every bug you expose in tool analysis. This library of security bugs will give you an easy way to go back and gather evidence that shows the quantity of issues you discovered, the mitigations you used, and the impact the changes had on your application I have provided a fairly detailed view of these...

Mitigating Exploitation Techniques

2008-10-03 00:07:00 by sdl in The Security Development Lifecycle
 
...mitigations or the techniques that are being used to solve those problems Understanding the problems that are solved by mitigations is what provided the motivation for the presentation I will be giving at BlueHat. Many of the materials in this presentation were taken from my work with Leviathan Security Group and have been repurposed to...

SDL Announcements at TechEd EMEA

2008-11-10 22:25:00 by sdl in The Security Development Lifecycle
 
...mitigations based on the STRIDE taxonomy Integration with bug- and issue-tracking systems like Visual Studio Team Foundation Server To learn more about these, visit the SDL portal, http://www.microsoft.com/sdl By the way, if you are in Barcelona and want to stop by and chat, the session list is below SDL Theater Sessions Getting started with...

BlueHat SDL Sessions Wrap-up

2008-12-01 17:51:00 by sdl in The Security Development Lifecycle
 
...Mitigations Unplugged by Matt Miller, Microsoft Security Science team Concurrency Attacks on Web Applications by Scott Stender and Alex Vidergar of iSEC Partners Fuzzed Enough? When it's OK to Put the Shears Down by Jason Shirk, Dave Weinstein and Lars Opstad, Microsoft Security Science team Real World Code Review Using the Right Tools in the...

STRIDE chart

2007-09-11 23:18:00 by sdl in The Security Development Lifecycle
 
...mitigations," "Threat modeling again, what does STRIDE have to do with threat modeling," "Threat modeling again, STRIDE per element," "Threat modeling again, threat modeling playsound" I wanted to chime in and offer up this handy chart that we use. It's part of how we teach people to go from a diagram to a set of threats. We used to ask...

New faces and predictions for the New Year...

2008-01-22 22:11:00 by sdl in The Security Development Lifecycle
 
...mitigations for issues like request forgery in the SDL, so that it is just as useful and applicable to online services as it is for desktop and client/server programs. Keep watching this space for web app-specific updates to the SDL and for a more in-depth look at XSRF in the near future