SEARCH RESULTS
 
Showing 1-10 of 10 records

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...MSDN Magazine in November. To recap, we had a debugging plug-in (mini-debugger) that not only monitored for exceptions but also reduced the number of exceptions to triage after a fuzzing session was completed. This also included monitoring for CPU and memory spikes as well as the use of page heap to capture heap corruptions that might not...
 
 
 
 
 

Voting For Transparent Communication

2008-03-28 15:03:00 by sdl in The Security Development Lifecycle
 
...msdn.com/si team/archive/2008/02/25/protecting-bitLocker-from-cold-attacks-and-other-threats.aspx , we like to talk to them on two important levels. The first is technical: what did they find, and can they help us reproduce it? The second is logistical: what's their timeline for disclosing a vulnerability, and how can we all work together to...
 
 
 
 
 

Code Junkie? Check This Out

2008-06-12 18:29:57 by mcurphey in Mark Curphey - SecurityBuddha.com
 
RV is one of my core framework developers. His blog on MSDN is http://blogs.msdn.com/codejunkie/default.aspx. He will be contributing to our team blog when we open it in a few weeks. In the meantime check out his personal blog for workflow, web services, Team Foundation Server and other great .NET coding stuff. Updated: Curphey ..reminds me
 
 
 
 
 

The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle
 
...msdn.com/larryosterman/archive/2007/08/30/threat-modeling-once-again.aspx One thing that was realized very early on is that our early efforts at threat modeling were quite ad-hoc. We sat in a room and said "Hmm, what might the bad guys do to attack our product?" It turns out that this isn't actually a BAD way of going about threat modeling,...
 
 
 
 
 

Microsoft SDL Process in detail

2008-04-09 19:13:00 by sdl in The Security Development Lifecycle
 
...MSDN. This has been in the works for quite awhile and has involved a ton of folks in SEC and TWC putting in a lot of hours and resources into getting this published (props to Ziv Fass and Jed Pickel As you can probably guess, this is not an exact duplication of the SDL for a number of reasons but it's pretty darn close. Given that caveat,...
 
 
 
 
 

SQL Injection Follow-up

2008-05-30 15:58:00 by sdl in The Security Development Lifecycle
 
Hi everyone, Bryan here. Michael wrote a great post here on SDL-required SQL injection defense techniques in the wake of the recent mass SQL injection attacks against ASP sites. Additionally, the Security Vulnerability Research & Defense blog has just posted an analysis of the attack along with guidance recommendations for IT/database admins,...
 
 
 
 
 

Visit the New SDL (Security Development Lifecycle) Web Site

2008-06-20 00:08:18 by jrjones in Jeff Jones Security Blog
...MSDN subsite, which is encouraging when you think about it. I have it on reasonably good authority (aka the site owner), that there are plans for the site content to grow this year and that this will be one of the main starting points to learn more about Microsoft efforts to improve developer's ability to write code that is less prone to...
 
 
 
 
 

Anti-XSS Features in IE8

2008-07-08 15:09:15 by mcurphey in Mark Curphey - SecurityBuddha.com
 
http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
 
 
 
 
 

CISG Team Blog

2008-08-25 18:32:35 by mcurphey in Mark Curphey - SecurityBuddha.com
 
The CISG Team Blog is now operational. We are initially blogging about things we are doing with Anti-XSS (and related technologies) but plan to expand to cover our bigger projects over the coming months. You can expect a wide range of posts from program management, user experience and code level developer commentary. http://blogs.msdn.com/cisg
 
 
 
 
 

Internet Explorer security levels compared

2008-09-17 00:19:36 by Steve Riley in Steve Riley on Security
 
...MSDN: About URL security zone templates. No wonder it's difficult to find -- the terminology is different, and the table is organized by URL actions, not by the text in the dialog. Someone on the IE security team forwarded me a document that had additional details. So here, for your enjoyment, is a chart listing the default settings for each...