Hello, Randy Evans here. I am a principal developer on the Information Security Tools team. In a recent project, we found it necessary to get collections of users from security groups defined in Active Directory (AD). It is common practice for security...

Syed Aslam Basha here. I am the tester on the Information Security Tools team and responsible for testing  Microsoft Threat Analysis and Modeling v3.0. In the previous blog post we have highlighted feature list of TAM V3.0 (For more information ...

Raju Bhan here, I am a PM on the Information Security Tools team   If you haven’t had a chance to go through my last blog about ensuring identity consistency, please check it out here since Easy ID is an extension of that. Easy ID was created to...

RV here... Security Development Lifecycle and other security development processes help developers build secure application and one of the key outputs of these processes is security guidance. You might ask, what is security guidance? From an architect...

Hi, Rajesh Gopisetty here. I am the India dev lead for the Information Security Tools team. The blog post discusses the authentication model in Vista and how enterprise can use it to build custom logon UI’s. Prior to Windows Vista, to log on to 3 rd party...

Hello, Anil Chintala here. I am a senior developer on the Information Security Tools team. I work in operations engineering cell which is focused on building scanning tools, data protection tools and number of other security tools to support InfoSec operations...

Nawal Kishore Gupta here. I am a developer on the Information Security Tools team focused on building host security assessment tools. This is the second part of a two part blog on how to verify the validity of IIS certificates on remote servers. The first...

Aravindhan Rajagopal here. I am a developer from Information Security Tools team. I had been working on couple of SharePoint projects in my team for the past couple of years and thought of posting a blog which would be helpful for beginners in particular...

RV is doing a talk at the local OWASP Chapter. Details below. http://www.owasp.org/index.php/Seattle#Next_Event_11_August_.28Tuesday.29

[As part of CISF we will ship an ASP.NET AJAX web portal in which you can host your custom security management applications. The portal allows users to personalize certain pages by selecting various widgets made available to them. The information in this...

[As part of CISF we will ship an ASP.NET AJAX web portal in which you can host your custom security management applications. The portal allows users to personalize certain pages by selecting various widgets made available to them. The information in this...

[As part of CISF we will ship an ASP.NET AJAX web portal in which you can host your custom security management applications. The portal allows users to personalize certain pages by selecting various widgets made available to them. The information in this...

Mark Curphey here. Nearly two years ago I came to Microsoft to explore an idea. As Big Weld in the film Robots said “see a need, fill a need” and I had seen a need! For several years I had been looking at the security management tools space and talking...

Syed Aslam Basha here. I am a tester on the Information Security Tools team and responsible for testing  Microsoft Threat Analysis and Modeling V3.0. With the availability of latest beta version of TAM V3.0, it becomes increasingly more important...

Mark Curphey here. I am delighted to say that Threat Analysis and Modeling (TAM) 3.0 Beta is now live on MSDN. You can download it here . RV posted an initial mail about some features yesterday here . RV will post series of screen casts on new features...

RV here… Last time we briefly talked about releasing TAM v3.0 this year. With each week we’re inching closer to that goal. TAM v3.0 release is focused on 3 main areas of the tool including: threat modeling methodology gathering application architecture...

RV here… Anti-XSS library 3.0 is now RTM!!! MSDN download center is updated with the new binaries. Here is a overview of the changes in 3.0 release. New features in this version of the Microsoft Anti-Cross Site Scripting Library include: An expanded white...

RV here… I wanted to share with you some tidbits on our new project called Web Protection Library (WPL) which contains libraries to protect web applications from common vulnerabilities and attacks. Our goal is to offer comprehensive web application protection...

Syed Aslam Basha here. I am a tester on the Information Security Tools team and responsible for testing Microsoft Anti-XSS V3.0. The difference lies in implementation and performance you could get. The following are the differences between Microsoft.Security...

Andreas Fuchsberger here….. Within the Information Security Tools Group we are now really getting into a redesign of our popular Code Analysis Tool for .NET (CAT.NET). One of the biggest challenges we have is to redesign the engine so that it no longer...

Gaurav Sharma here, I’m a developer with the Information Security Tools team. A couple of months back when I was trying to understanding the .NET compilation model I encountered an interesting thing. I created a small program to print an Int32 type array...

Mark Curphey here......( @curphey on Twitter) There is a stack of new interesting videos and posts related to the software security tools we build that I found this week. Ben Livshits video on the architecture of CAT.NET here RV talking about TAM 3.0...