Welcome to MSDN Blogs Sign in | Join | Help

News

  • This blog is provided "AS IS" with no warranties, and confers no rights. Opinions are not necessarily of Microsoft. You can contact the Application Consulting & Engineering Team (ACE Team) by leaving comments, clicking on Contact or Emailing us.

Browse by Tags

All Tags » Security   (RSS)
Video Series: ACE Security Consultants from the Field
Kicking off our video series, ‘ ACE Security Consultants from the Field, ’ Talhah Mir from Microsoft Information Security , talks to two passionate individuals about security. Watch the podcast, “ ACE from the Field: Carric 'DEFCON Goon' Dooley ,” as Read More...
Blog Series: Get Familiar with the SDL-LOB (Security Development Lifecycle for Line-Of-Business Applications) Process
Hello, Anmol Malhotra here. I’m a Senior Security Engineer with ACE Team, a part of Microsoft IT Information Security group. I’d like to introduce you to the Security Development Lifecycle for Line-of-Business Applications (SDL-LOB) process. As part of Read More...
TechNet Webcast: Configuring with Least Privilege in SQL Server 2008 (Level 300)
TechNet Webcast : Configuring with Least Privilege in SQL Server 2008 (Level 300) Tuesday, June 02, 2009 8:00 AM Pacific Time (US & Canada) Presenter: Varun Sharma, Security Engineer, Microsoft Corporation Overview : With SQL injection attacks on Read More...
TechNet Webcast: Fundamentals of Third-Party Security Management (Level 300)
TechNet Webcast : Fundamentals of Third-Party Security Management (Level 300) Monday, June 01, 2009 10:00 AM Pacific Time (US & Canada) Presenter : Gerard Morisseau, Senior Program Manager, Microsoft Corporation Overview: In this webcast, learn the Read More...
Infrastructure Security Design Review
Hello Everyone! My name is Shawn Rabourn and I am a Senior Security Consultant with ACE (Assessment, Consulting and Engineering) Services, a part Microsoft IT's Information Security (InfoSec) group. Sounds like a mouthful, I know. Really, that is just Read More...
ACE Infrastructure Security Services: An Overview
This is Rob Cooper, Senior Engineer for ACE Infrastructure (also known internally as ICE for you William Gibson fans). Thanks to Irfan Chaudhry, Director of the ACE Team, for giving us a good overview and history of ACE and how ACE’s role has expanded Read More...
Security as a Service: A Balancing Act
When I first joined Microsoft IT, I was intrigued by the concept of offering security assessment as an optional service to the business. I was even more surprised to see how enthusiastically the business had embraced the concept. You see, like many security Read More...
About ACE’s Information Security Assessment Service - Your Friendly Neighborhood Security Auditor
This is Gerard Morisseau, Senior Program Manager for ACE’s Information Security Assessment Services (ISAS). ISAS offers several security assessment services aimed at helping Microsoft IT and the business assess their information security risks, improve Read More...
Shrinking Budgets: Application Security Tools vs Process Tradeoff
An all too familiar scene repeated itself two weeks ago. My good friend & CISO of a mid-sized technology company, lets call him Alok, went into a budget planning meeting and came out as a shadow of his former self. To be more precise a 85% version Read More...
About ACE’s Infrastructure Security Team
Hi, my name is Brad Gobble and I manage ACE ’s Infrastructure Security Team, a part Microsoft IT’s Information Security group. Over the next few weeks you’ll hear a lot about our services: what we do, how we do it, how we prepare our team to execute and Read More...
Response to InfoSec X Prize Part 1
So I’ve been quite amazed by the amount of discussion and feedback i have received from colleagues and peers on my original post on creating fundamental change through competition. I will be posting some of the written replies that I received and which Read More...
Baking Security In: A Comic Strip View of SDL
So how do you take your average developer who scoffs at security from the careless and brash aka Kevin,  to the poster child  for good development practices aka  Kevlarr. Well, the Microsoft SDL team has the answer for you. Read more… - Read More...
Microsoft IT Solutions: Full Drive Encryption using BitLocker
One of the challenges that I have been focusing my team on this fiscal year has been creating new solutions that leverage the learning that Microsoft IT has had in deploying technology or solving problems. Microsoft IT generally has to deploy new technologies Read More...
Note to Fannie Mae: Dealing with Logic Bombs
Today, it was revealed that a departing contractor left Fannie Mae with a parting gift – a Logic Bomb designed to take 4000 of the financial giants servers & their data. Since this news broke, a number of concerned CIOs have requested my team for Read More...
Vulnerabilities in Web Applications due to improper use of Crypto – Part 3
Almost all thick client applications need to update themselves. This is the only way to distribute newer functionality and bug fixes. The updated executables are usually downloaded on the client from the company’s servers. In the past, there have been Read More...
More Posts Next page »
Page view tracker