October, 2008

  • The Security Development Lifecycle

    MS08-067 and the SDL

    Hi, Michael here. No doubt you are aware of the out-of-band security bulletin issued by the Microsoft Security Response Center today, and like all security vulnerabilities, this is a vulnerability we can learn from and, if necessary, can use to shape...
  • The Security Development Lifecycle

    Good hygiene and Banned APIs

    Jeremy Dallman here with a quick note about a code sanitizing tool we are making available to support one of the SDL requirements – Remove all Banned APIs from your code. This requirement was put in place to prevent use of certain older C runtime functions...
  • The Security Development Lifecycle

    Mitigating Exploitation Techniques

    Hi, Matt Miller from Microsoft’s Security Science team here to talk about exploitation & mitigation. Over the past decade exploitation techniques have been developed and refined to the point that very little expertise has been needed to successfully...
  • The Security Development Lifecycle

    Experiences Threat Modeling At Microsoft

    Adam Shostack here. Last weekend, I was at a Security Modeling Workshop, where I presented a paper on “Experiences Threat Modeling at Microsoft,” which readers of this blog might enjoy. So please, enjoy! And while I’m at it, I wanted to draw attention...
  • The Security Development Lifecycle

    Applying SDL Principles to Legacy Code

    Hello, this is Scott Stender from iSEC Partners, one of the SDL Pro Network partners. As security consultants, we at iSEC work with a variety of companies to drive security throughout their development cycle. Clients with mature security processes ask...