Do you have a passion for security and excited about impacting some of the largest and most complex infrastructure security challenges Microsoft is involved with today? If the answer is yes, you may be a candidate to join the ACE Team. The ACE (Assessment...

Hi, I’m Kevin Harris, Principal Program Manager with Microsoft’s Enterprise Business Continuity Management (EBCM) team. This blog entry accompanies my video on a key component of our business continuity methodology – the Technical Dependency Analysis...

Hi all, I’m Tom Easthope, Sr. Program Manager on the Enterprise Business Continuity team at Microsoft. This blog entry is a companion to the video interview about a key component of our business continuity methodology – the Business Impact Assessment...

Hi, RockyH here, I was browsing for IT security news from the hotel this evening and came across this gem: That’s it. Of course there is no information about who to email, and why should their be. If they can’t figure out how to tell the difference...

Hi everyone, Diane here. Recently the Information Security Tools (IST) Team released the Assessment & Protection (A&P) Suite . If you missed the overview on the A&P suite, check out the Information Security blog . The Web Protection Library...

The Information Security Tools (IST) team has released the InfoSec Assessment & Protection (A&P) Suite . It’s a suite made up of protection and assessment tools which include: Web Protection Library (WPL) - an umbrella for several libraries...

Hi Steven Michalove here, I’m a principal program manager on Microsoft IT’s Information Security (InfoSec) group. For the last of couple weeks, we’ve been talking about Microsoft IT’s (MSIT) dogfooding process, known as the First & Best program. Concluding...

Hi Price Oden here, I’m a principal senior security architect on the Microsoft IT Information Security (InfoSec) group. Dogfooding is part of Microsoft IT’s culture. It’s where Microsoft IT (MSIT) plays an important role and service for Microsoft’s enterprise...

Hi Don Nguyen here, I’m a senior security engineer with the Microsoft Information Security's (InfoSec), ACE Team. Continuing with our blog series on dogfooding, today I will be talking about phase 1: conduct a security design review , of our formal...

Hey there, my name is Sarah Pickard and I am a Senior Program Manager on the Microsoft Information Security Risk Management team. You have seen some blogs by Vineet Batta on the external release of Risk Tracker which is an application Information Security...

Hello Diane here. Do you ever wonder how Microsoft’s IT Information Security (InfoSec) is involved in the dogfooding process? This week we’re kicking off our blog series on dogfooding. It's a formal program in Microsoft IT known as the First & Best...

Organizations who would like to deploy the Risk Tracker v1.0 application in their own environment, Vineet Batta, senior software developer on Microsoft’s IST team, shares how in his blog, “ How to Integrate Risk Tracker with Internal HR Feeds...

The Microsoft Information Security Tools (IST) team releases Risk Tracker version 1.0 application. Risk Tracker built on CISF ( Connected Information Security Framework ) framework will help organizations manage, track and report on risks. Vineet Batta...

The old saying “A Picture Is Worth A Thousand Words” can certainly be seen on a Response Time Graph....

The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1 . Read more about Anti-XSS v3.1 on the Information Security blog and watch the video, “ Anti-XSS 3.0 Released...

The Microsoft Information Security Tools (IST) team has released the Connected Information Security Framework (CISF) , a software development framework comprises of API’s and reusable components that is designed to ‘create bespoke or custom information...

Hello, Anmol here.   As you’ve been following along with me in my blog series on Security Development Lifecycle for Line-of-Business applications (SDL-LOB) , I’ve talked about Phase One , Two , Three and Four .   Today, I’ll discuss the last...

Kicking off our video series, ‘ ACE Security Consultants from the Field, ’ Talhah Mir from Microsoft Information Security , talks to two passionate individuals about security. Watch the podcast, “ ACE from the Field: Carric 'DEFCON Goon' Dooley ,”...

Hello, Anmol here…continuing our discussion of Security Development Lifecycle for Line-of-Business applications (SDL-LOB) process, let’s discuss Phase Four: Verification for LOB today. The SDL-LOB defines the standards and best practices for providing...

Hello, Anmol here.   For this blog series I’ll discuss the the Security Development Lifecycle for Line-of-Business applications (SDL-LOB) process and covering all 5 phases.   Today I’ll discuss Phase Three: Implementation for LOB .   The...

Hello, Anmol here.   This is a continuation of my blog series on the SDL-LOB process .   In my last blog entry I talked about Phase 1: Requirements for LOB .  Let’s discuss Phase Two:   Design for LOB.   As you read my blog series...

Hello, Anmol here.   For this blog series I’ll discuss the SDL-LOB process and cover all 5 phases as we go.   In my last blog entry I provided an overview of this process, Blog Series: Get Familiar with the SDL-LOB Process .  Today I’ll...

Hello, Anmol Malhotra here. I’m a Senior Security Engineer with ACE Team, a part of Microsoft IT Information Security group. I’d like to introduce you to the Security Development Lifecycle for Line-of-Business Applications (SDL-LOB) process. As part...

VSTS 2008 has a great recording tool that allows you to create web test simply by recording your web traffic in the browser. But what if your application doesn’t use web browser, but still communicates with servers using HTTP or HTTPS protocols (such...

TechNet Webcast : Configuring with Least Privilege in SQL Server 2008 (Level 300) Tuesday, June 02, 2009 8:00 AM Pacific Time (US & Canada) Presenter: Varun Sharma, Security Engineer, Microsoft Corporation Overview : With SQL injection...