May, 2008

  • The Security Development Lifecycle

    SQL Injection Follow-up

    • 1 Comment
    Hi everyone, Bryan here. Michael wrote a great post here on SDL-required SQL injection defense techniques in the wake of the recent mass SQL injection attacks against ASP sites. Additionally, the Security Vulnerability Research & Defense blog has...
  • The Security Development Lifecycle

    SDL Training

    • 1 Comment
    Hi everyone, Shawn Hernan here. Being a security guy is incredibly rewarding because you get to look at virtually any part of a product, from kernel drivers to web services to user education to sales and servicing. You have to do that because a failure...
  • The Security Development Lifecycle

    Giving SQL Injection the Respect it Deserves

    • 22 Comments
    Hello, Michael here... You may have read recently about a large number of Web servers that were compromised through a SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromise...
  • The Security Development Lifecycle

    How Secure is Secure?

    • 1 Comment
    Hi folks, Eric Bidstrup here. As I touched on in my December posting on Common Criteria, and as Michael Howard discussed in his post on security metrics, trying to objectively quantify and measure “How secure is secure” is far more difficult than...
  • The Security Development Lifecycle

    SDL and the OWASP Top Ten

    • 2 Comments
    Hi everyone, Bryan here. I’m speaking at BlueHat today and tomorrow about some of my experiences as a new Security PM here at Microsoft. I’d like to take this week’s blog entry to share some of my presentation with those of you that can’t make it in person...