May, 2008

  The Security Development Lifecycle

  • Giving SQL Injection the Respect it Deserves

    • 22 Comments
    Hello, Michael here... You may have read recently about a large number of Web servers that were compromised through a SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromise...
  • SDL and the OWASP Top Ten

    • 2 Comments
    Hi everyone, Bryan here. I’m speaking at BlueHat today and tomorrow about some of my experiences as a new Security PM here at Microsoft. I’d like to take this week’s blog entry to share some of my presentation with those of you that can’t make it in person...
  • How Secure is Secure?

    • 1 Comment
    Hi folks, Eric Bidstrup here. As I touched on in my December posting on Common Criteria, and as Michael Howard discussed in his post on security metrics, trying to objectively quantify and measure “How secure is secure” is far more difficult than...
  • SDL Training

    • 1 Comment
    Hi everyone, Shawn Hernan here. Being a security guy is incredibly rewarding because you get to look at virtually any part of a product, from kernel drivers to web services to user education to sales and servicing. You have to do that because a failure...
  • SQL Injection Follow-up

    • 1 Comment
    Hi everyone, Bryan here. Michael wrote a great post here on SDL-required SQL injection defense techniques in the wake of the recent mass SQL injection attacks against ASP sites. Additionally, the Security Vulnerability Research & Defense blog has...
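    The two SQL injection entries in this listing refer to defense techniques without reproducing them here. The following Python script is an added example, not code from either post and not Microsoft's; it assumes an SQLite-backed product search page with a hypothetical `products` table and uses two constructed payloads. It shows a query built by string concatenation beside the same query with a bound parameter, and why a payload that reads the engine's own catalogue does not need to know the application's schema in advance.

```python
import sqlite3

# Constructed sample data: a tiny product catalogue in an in-memory SQLite
# database, standing in for the back end of a search page. (Hypothetical.)
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (
            id INTEGER PRIMARY KEY,
            name TEXT NOT NULL,
            description TEXT NOT NULL
        );
        INSERT INTO products (name, description) VALUES
            ('widget', 'A small widget'),
            ('gadget', 'A useful gadget');
    """)
    return conn

def search_vulnerable(conn, term):
    """Builds the query by string concatenation: attacker-controlled text
    becomes part of the SQL grammar, not merely a value."""
    sql = "SELECT name FROM products WHERE name = '" + term + "'"
    return [row[0] for row in conn.execute(sql)]

def search_parameterized(conn, term):
    """Same query with a bound parameter: the driver hands the value to the
    engine separately from the SQL text, so quotes and comments in it stay data."""
    sql = "SELECT name FROM products WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (term,))]

# Constructed attacker inputs, for illustration only.
# Tautology: turns the WHERE clause into a condition that is always true.
TAUTOLOGY = "x' OR '1'='1"
# Schema probe: UNIONs in the table list from SQLite's catalogue. The trailing
# "--" comments out the closing quote the application appends. The payload
# does not know the schema; it asks the database for it.
SCHEMA_PROBE = "x' UNION SELECT name FROM sqlite_master WHERE type = 'table' --"

def demo():
    """Runs both implementations against a normal term and both payloads."""
    conn = make_db()
    return {
        "vulnerable_normal": search_vulnerable(conn, "widget"),
        "vulnerable_tautology": sorted(search_vulnerable(conn, TAUTOLOGY)),
        "vulnerable_schema_probe": search_vulnerable(conn, SCHEMA_PROBE),
        "parameterized_normal": search_parameterized(conn, "widget"),
        "parameterized_tautology": search_parameterized(conn, TAUTOLOGY),
        "parameterized_schema_probe": search_parameterized(conn, SCHEMA_PROBE),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    Running it, the concatenated version returns every product for the tautology and the name of the `products` table for the schema probe, while the parameterized version returns nothing for either because the whole payload is compared literally against the `name` column. One caveat a reviewer should keep in mind: binding protects values only; table names, column names and ORDER BY clauses cannot be bound and still need a whitelist if they come from the request.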