Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Security   (RSS)

Response to InfoSec X Prize Part 1

So I’ve been quite amazed by the amount of discussion and feedback i have received from colleagues and peers on my original post on creating fundamental change through competition. I will be posting some of the written replies that I received and which Read More...
Posted Friday, March 06, 2009 9:11 AM by Akshay Aggarwal | 1 Comments
Filed under: ,

Baking Security In: A Comic Strip View of SDL

So how do you t ake your average developer who scoffs at security from the careless and brash aka Kevin,  to the poster child  for good development practices aka  Kevlarr. Well, the Microsoft SDL team has the answer for you. The team recently Read More...
Posted Friday, February 20, 2009 10:07 AM by Akshay Aggarwal | 1 Comments

Microsoft IT Solutions: Full Drive Encryption using BitLocker

One of the challenges that I have been focusing my team on this fiscal year has been creating new solutions that leverage the learning that Microsoft IT has had in deploying technology or solving problems. Microsoft IT generally has to deploy new technologies Read More...
Posted Tuesday, February 10, 2009 10:01 AM by Akshay Aggarwal | 1 Comments

Note to Fannie Mae: Dealing with Logic Bombs

Today, it was revealed that a departing contractor left Fannie Mae with a parting gift – a Logic Bomb designed to take 4000 of the financial giants servers & their data. Since this news broke, a number of concerned CIOs have requested my team for Read More...
Posted Tuesday, February 03, 2009 11:05 AM by Akshay Aggarwal | 1 Comments

The InfoSec X Prize: Fundamental Change Through Competition

Today I had a thought provoking conversation with Dr. Peter Diamandis , Chairman and CEO of Zero Gravity Corporation & X Prize Foundation, on radical & fundamental change. Change that advances the status quo rather than relying on incremental Read More...
Posted Thursday, January 22, 2009 2:06 PM by Akshay Aggarwal | 1 Comments

Meter This: Practical Application Of Power drain Attack

Last week while feeding my caffeine addiction I came across an article in the New York Times titled Can’t Find a Parking Spot? Check Smartphone . In order to reduce traffic congestion and fuel consumption, the city of San Francisco is implementing a new Read More...
Posted Friday, July 25, 2008 2:47 PM by Akshay Aggarwal | 2 Comments
Filed under: ,

My BlueHat Talk

Just got word that my talk Suddenly Psychic: Knowing everything about everyone was accepted at Microsoft's BlueHat Security Conference on October 16-17th. Sometimes when you go blue... you really go blue. Over the course of the next few months my buddy Read More...
Posted Tuesday, July 15, 2008 1:08 PM by Akshay Aggarwal | 0 Comments

Towards enabling secure infrastructure outsourcing

Many enterprise customers are increasingly evaluating the benefits of infrastructure outsourcing (ITO) to their businesses. In the past year, several CIOs have expressed concerns around the impact to the security and privacy of digital assets resulting Read More...
Posted Monday, July 14, 2008 8:29 AM by Akshay Aggarwal | 1 Comments
Filed under:

Application Security development Lifecycle 4: Finding the right security talent

After about an hour of nodding his head vigorously in agreement with some of our lessons learnt, my customer jumped up and exclaimed, " Great!! Now where do I find another 20 people like these?" (pointing to my team)... I thought about it a while and Read More...
Posted Sunday, June 01, 2008 12:45 PM by Akshay Aggarwal | 1 Comments

How Microsoft IT does Secure Application Development: Webcast

Technorati Tags: Conference , SDLC , SDL , IT , ISV I will be discussing Microsoft IT's approach to secure application development, with a special focus on how we integrate security into the IT line-of-business SDLC, in a webcast this Thursday May 29th. Read More...
Posted Tuesday, May 27, 2008 9:20 AM by Akshay Aggarwal | 1 Comments

Increase the TCO, kill the project: An ad-hoc analogy

The other day I was subject to the assertion that the only asset an IT security organizations should care about is data. Now being in the application security business, I should have been jumping at this validation but couldn't. The IT security org needs Read More...
Posted Wednesday, May 14, 2008 9:07 AM by Akshay Aggarwal | 1 Comments

Application Security Development Lifecycle 3: Funding Models

Now that you've decided (or battled) to set up an application security program you realize that it actually needs to get funded. You must master the art of delicately drinking from the fire hydrant of line of business applications. In my experience helping Read More...
Posted Thursday, May 08, 2008 11:48 AM by Akshay Aggarwal | 2 Comments

Application Security Development Lifecycle 2: Mandatory or Not?

Large enterprises tend to have a number of line of business (LOB) applications supporting business operations. It becomes key for an application security program to help the organization manage the risk posed by each of these applications. Applications Read More...
Posted Tuesday, April 22, 2008 12:36 AM by Akshay Aggarwal | 2 Comments

Fear and Loathing in Las Vegas: The Hackers Turn Pro

A great analysis by the Yankee group on the security posture of products from security vendors. A very interesting read. Two key factors contribute to the growth of the underground vulnerability economy: historical and chronic weaknesses in the monopoly Read More...
Posted Monday, October 01, 2007 2:14 AM by Akshay Aggarwal | 0 Comments
Filed under: ,
 
Page view tracker