Browse by Tags

All Tags » Application Security
An all too familiar scene repeated itself two weeks ago. My good friend & CISO of a mid-sized technology company, let's call him Alok, went into a budget planning meeting and came out as a shadow of his former self. To be more precise an 85% version Read More...
Today I had a thought-provoking conversation with Dr. Peter Diamandis, Chairman and CEO of Zero Gravity Corporation & X Prize Foundation, on radical & fundamental change. Change that advances the status quo rather than relying on incremental Read More...
Several enterprises are increasingly investing time and money in building application security tasks into their existing SDLCs. Some of them have also reached the conclusion that proactive approaches, like threat modeling, have more ROI than reactive Read More...
I will be presenting at the OWASP conference in Denver, CO this Tuesday, June 10th. The presentation will focus on the value that organizations especially ISVs can derive from threat modeling of line of business applications. For some time now, I've been Read More...
After about an hour of nodding his head vigorously in agreement with some of our lessons learnt, my customer jumped up and exclaimed, "Great!! Now where do I find another 20 people like these?" (pointing to my team)... I thought about it a while and Read More...
I will be discussing Microsoft IT's approach to secure application development, with a special focus on how we integrate security into the IT line-of-business SDLC, in a webcast this Thursday May 29th. Read More...
The other day I was subject to the assertion that the only asset an IT security organization should care about is data. Now being in the application security business, I should have been jumping at this validation but couldn't. The IT security org needs Read More...
Now that you've decided (or battled) to set up an application security program you realize that it actually needs to get funded. You must master the art of delicately drinking from the fire hydrant of line of business applications. In my experience helping Read More...
I will be speaking at the Front Range OWASP Conference (FROCo8) in Denver on June 10th. The focus of the conference is to share the experiences that the speakers had around solving technical and management issues surrounding application security. I'll be Read More...
Large enterprises tend to have a number of line of business (LOB) applications supporting business operations. It becomes key for an application security program to help the organization manage the risk posed by each of these applications. Applications Read More...
"How many applications do you have and what do they do?" It seems simple enough yet this question seems to perplex many a smart mind. Having posed it to over a hundred and fifty CSO/CIOs over the last year, I have rarely received a clear answer that Read More...
After several requests from customers about information on how enterprise class application security programs are set up, I am writing a series of blogs about my experience helping some large enterprises set up application security teams similar to the Read More...
Microsoft IT has been developing an engineering based application security lifecycle for about 5 years now. The ACE team is responsible for helping develop and maintain this lifecycle called the Security Development Lifecycle for IT (SDL for IT) which Read More...
Last month I presented a talk about the security risks faced by the retail industry at the Microsoft Chief Security Officer Summit in Redmond. This was a gathering of several hundred CSOs from major Microsoft customers to Read More...
About me and my blog Read More...