Anmol Malhotra : Reading a Hacker's Mind

Talking to Bryan Sullivan on the SDL team last week, I came to know about a cool new security testing tool - "Watcher". This is a plugin to web debuging proxy Fiddler and checks for more than 35 different vulnerabilites. Yes, its Free!! This new plugin...

We’ve recently launched a site on MSDN. Visit Microsoft IT's Information Security (InfoSec) group here . On the site, you'll find the latest news on InfoSec including security tools, webcasts and “How do I?” videos. If you’re not familiar with InfoSec...

CLICK HERE TO REGISTER NOW Presenter: Andreas Fuchsberger, Senior Software Design Engineer, Microsoft Corporation Summary : In this webcast, we provide an overview of what static code analysis is and typical coding errors that static analysis...

www.HelloSecureWorld.com provides a powerful experience for promoting security awareness and education in the developer community by surfacing existing content as well as new. Well, If you like learning while having FUN then hellosecureworld.com is...

Hello folks, I just completed my blog series on Input Validation Strategies on our hackers blog - http://blogs.msdn.com/hackers Dan Cornell summarized this series perfectly on his blog http://denimgroup.typepad.com/denim_group/2008/01/first-line-of...

XSSDetect is available for download now. It's tool which helps identify Cross Site Scripting Vulnerabilities in .NET code. XSSDetect runs as a Visual Studio plug-in and can detect potential XSS issues in managed code. Here's a screenshot: ...

Abstract: With the dawn of the internet, online businesses and millions of applications have become part of our lives. But these application and its users does face many challenges. Applications level threats have grown tremendously. Online identity...

Hello folks, It's been a while since my last blog. Well I have been keeping busy with relocating all the way from India to US. Yes, I have now joined Microsoft -Redmond team. Leaving a country is not all an easy task folks but i am glad things went...

Strong Naming an Assembly: Assembly should be strongly named à Proves the integrity of the Assembly and provides a means using which an Assembly is uniquely identified. Concept: To prove the integrity of the assembly, firstly the hash of the assembly...

Folks, Here are my session details for TechMela 2007 My deep dive session is scheduled for 16th June : 11:00 AM to 12:00 PM : Threat Modeling Strategy for LOB applications. You can checkout more details here... http://www.techmela.com/speaker.htm &...

Hi Guys, We are Hiring in Microsoft ACE- Application Consulting and Engineering Team. Positions are based out of Hyderabad, India campus. We are looking for folks with profile something similar to this- http://blogs.msdn.com/ace_team/archive/2006/07/14...

Hi guys, I am going to present deep dive session on Threat Modeling Process and our very own Threat analysis and modeling Tool - TAM in TechMela 2007 in Mumbai [13th - 16th June] For more information on the event registerations, sessions...

Check for persistent Cross attack-Site Scripting bugs through the input form fields Steps: o Identify entry points that collect user input such as Form inputs [e.g text boxes], query string parameters, etc. o Check if the user input saved to...

<Alice> Good Morning, this is Company’s Technical Support, I am Alice speaking, how can I help you? <Bob> Hi Good Morning Alice, this is Bob Davis- Head of Marketing and sales. I am in the middle of a presentation with one of the biggest...

Welcome to the Security Tools for Testers Part II, in Part I we looked at security tools available for developers which can enable them to indentify security issues upfront in the development cycle. Let’s move up the chain and see what tools testers can...

http://www.dailyindia.com/show/114325.php/Snow-the-white-gold-of-Himachal My friend ashish emailed me some new pictures of shimla covered in white gold this morning. Beautiful is the word. Cheers, Anmol Malhotra

An excellent video showcasing a security battle between white hats & black hats folks. The code room breaking into Vegas video narrates a story how bad guys hack in to an online casino in Las Vegas & how security guys pitch in for rescue. Cool...

Here is an interesting security issue on COM+ proxies. It is such a biggy in terms of exposure & impact it has on the application. My customer was facing this issue where the generated COM+ proxies had all the source code of the services component...

Today I am going to talk about some security considerations to keep in mind when hosting multiple un trusted .NET applications on a single Server. Concerns : 1. I am an Internet Service Provider which also offers shared hosting services for clients...

Security tools for Developers – Part I The first line of defence is the developers of applications. If they are equipped with security know/how & various tools available upfront during the development cycle there would be far lesser number of security...

Hello everyone, my name is Anmol Malhotra and I work as a security technologist with ACE [ Application Consulting & Engineering] team in Microsoft. In this blog, I am going to share my thoughts, experiences around application security & security...