Browse by Tags

Tagged Content List
  • Blog Post: Necessary, Explained, Actionable, and Tested (NEAT) Cards

    Previously, we blogged about “ Adding Usable Security to the SDL .” Feedback as we hand out the cards at a variety of conferences has been amazingly positive. We wanted to make it easier for folks outside of Microsoft to take advantage of NEAT, and so today, we’re putting those cards...
  • Blog Post: Tooling News: Web Application Configuration Analyzer Released

    Hello all, this is Monty LaRue posting with some SDL related tools news. Microsoft has recently released an updated version of the Web Application Configuration Analyzer (WACA). While this tool isn't intended to satisfy specific SDL requirements, it is valuable for performing best practices checks on...
  • Blog Post: Adding Usable Security to the SDL

    Adam Shostack here. Lately, I’ve been focused on how we bring the engineering of usable security into the SDL. When I say usable security, I mean that for those times when we need to ask a user for input on something only they know. (For example, are you connecting to a coffee shop network or your...
Page 1 of 1 (3 items)