Security
Last week while feeding my caffeine addiction I came across an article in the New York Times titled "Can’t Find a Parking Spot? Check Smartphone." In order to reduce traffic congestion and fuel consumption, the city of San Francisco is implementing
"The hardest thing of all is to find a black cat in a dark room, especially if there is no cat." – Confucius. Security code inspection is sort of searching in the dark. However, security vulnerabilities in many cases* are recurrent anti-patterns
After about an hour of nodding his head vigorously in agreement with some of our lessons learnt, my customer jumped up and exclaimed, "Great!! Now where do I find another 20 people like these?" (pointing to my team)... I thought about it a
I will be discussing Microsoft IT's approach to secure application development, with a special focus on how we integrate security into the IT line-of-business SDLC, in a webcast this Thursday May 29th.
The other day I was subject to the assertion that the only asset an IT security organization should care about is data. Now being in the application security business, I should have been jumping at this validation but couldn't. The IT security org needs
Now that you've decided (or battled) to set up an application security program you realize that it actually needs to get funded. You must master the art of delicately drinking from the fire hydrant of line of business applications. In my experience
I will be speaking at the Front Range OWASP Conference (FROCo8) in Denver on June 10th. The focus of the conference is to share the experiences that the speakers had around solving technical and management issues surrounding application security. I'll be
Alik here. Does the question sound rhetorical to you? Do you think the answer is “Yes” by default these days? Think twice. Ask yourself the questions below. You may change your mind at the end. Performance: Is performance important to you and your customers?
Hi! This is Hassan Khan. As promised, here are the FAQs on XSSDetect: Q. What is XSSDetect? A. XSSDetect is a stripped-down version of the Code Analysis Tool for .NET used by the ACE team to help find security vulnerabilities in software applications. It has
XSSDetect is a static binary analysis tool. In the first step of analysis it reads target binaries to create a directed graph where nodes represent statements while the edges represent flow of data. This graph can get huge for large applications and users
One of the biggest, constant problems we've seen our enterprise customers deal with and we here at Microsoft have to also contend with is that of the XSS (Cross Site Scripting) bug. It's very common and unfortunately, still an issue we have to deal with
Hi, I am Sagar Joshi and I work with the ACE Services Team. There is a lot of awareness building around TAM – Threat Analysis and Modeling tool developed by ACE. I have come across practitioners from various disciplines who want to start doing threat
Hey Folks, part II and III of the Channel 9 interviews are up! You can check out part II here and part III here. Ahmad Mahdi, Security Technologist, Microsoft – ACE Team, ahmad.mahdi
Well, it's been a while, but ACE's first video has hit Channel 9 today. If you'd like to see some of the faces on the team, some interesting discussion of who we are and what we do; please do check it out. You can view it here. This is nearly the last
Hello everyone, my name is Anmol Malhotra and I’m a Security Technologist with ACE [Application Consulting & Engineering] Services team. We are a global team delivering application security services to Microsoft’s esteemed enterprise level customers.