Security Tools

Hi, Rajesh Gopisetty here. I am the India dev lead for the Information Security Tools team. The blog post discusses the authentication model in Vista and how enterprise can use it to build custom logon UI’s. Prior to Windows Vista, to log on to 3 rd party...

Hello, Anil Chintala here. I am a senior developer on the Information Security Tools team. I work in operations engineering cell which is focused on building scanning tools, data protection tools and number of other security tools to support InfoSec operations...

Nawal Kishore Gupta here. I am a developer on the Information Security Tools team focused on building host security assessment tools. This is the second part of a two part blog on how to verify the validity of IIS certificates on remote servers. The first...

Aravindhan Rajagopal here. I am a developer from Information Security Tools team. I had been working on couple of SharePoint projects in my team for the past couple of years and thought of posting a blog which would be helpful for beginners in particular...

RV is doing a talk at the local OWASP Chapter. Details below. http://www.owasp.org/index.php/Seattle#Next_Event_11_August_.28Tuesday.29

[As part of CISF we will ship an ASP.NET AJAX web portal in which you can host your custom security management applications. The portal allows users to personalize certain pages by selecting various widgets made available to them. The information in this...

[As part of CISF we will ship an ASP.NET AJAX web portal in which you can host your custom security management applications. The portal allows users to personalize certain pages by selecting various widgets made available to them. The information in this...

[As part of CISF we will ship an ASP.NET AJAX web portal in which you can host your custom security management applications. The portal allows users to personalize certain pages by selecting various widgets made available to them. The information in this...

Mark Curphey here. Nearly two years ago I came to Microsoft to explore an idea. As Big Weld in the film Robots said “see a need, fill a need” and I had seen a need! For several years I had been looking at the security management tools space and talking...

Syed Aslam Basha here. I am a tester on the Information Security Tools team and responsible for testing  Microsoft Threat Analysis and Modeling V3.0. With the availability of latest beta version of TAM V3.0, it becomes increasingly more important...

Mark Curphey here. I am delighted to say that Threat Analysis and Modeling (TAM) 3.0 Beta is now live on MSDN. You can download it here . RV posted an initial mail about some features yesterday here . RV will post series of screen casts on new features...

RV here… Last time we briefly talked about releasing TAM v3.0 this year. With each week we’re inching closer to that goal. TAM v3.0 release is focused on 3 main areas of the tool including: threat modeling methodology gathering application architecture...

RV here… Anti-XSS library 3.0 is now RTM!!! MSDN download center is updated with the new binaries. Here is a overview of the changes in 3.0 release. New features in this version of the Microsoft Anti-Cross Site Scripting Library include: An expanded white...

RV here… I wanted to share with you some tidbits on our new project called Web Protection Library (WPL) which contains libraries to protect web applications from common vulnerabilities and attacks. Our goal is to offer comprehensive web application protection...

Syed Aslam Basha here. I am a tester on the Information Security Tools team and responsible for testing Microsoft Anti-XSS V3.0. The difference lies in implementation and performance you could get. The following are the differences between Microsoft.Security...

Andreas Fuchsberger here….. Within the Information Security Tools Group we are now really getting into a redesign of our popular Code Analysis Tool for .NET (CAT.NET). One of the biggest challenges we have is to redesign the engine so that it no longer...

Gaurav Sharma here, I’m a developer with the Information Security Tools team. A couple of months back when I was trying to understanding the .NET compilation model I encountered an interesting thing. I created a small program to print an Int32 type array...

Mark Curphey here......( @curphey on Twitter) There is a stack of new interesting videos and posts related to the software security tools we build that I found this week. Ben Livshits video on the architecture of CAT.NET here RV talking about TAM 3.0...

Kathy Shieh here, I am the US Dev Lead for the Information Security Tools team which means I manage the developers and testers (in the US and in Beijing). I have been at Microsoft for just over 10 years. “Ugh - I’ll never be able to finish all this work...

Raju Bhan here… I’m the Senior Security PM in Information Security Tools Team at Microsoft. Before choosing to be a PM, I was a developer and one of my projects was AutoConsistency Manager. AutoConsistency was all about ensuring Identity Consistency across...

Syam Pinnaka here, I am a Senior Developer on the Information Security Tools team focused mainly on building identity management software using Microsoft Forefront Identity Manager (more info about FIM can be found here and well be talking about the work...

Syed Aslam Basha here…..I am a tester on the Information Security Tools team. There is a new build of CAT.NET Version 1.1.1.9 now available for download on MSDN ( 32 bit here and 64 bit here ). We recommend *ALL* users upgrade to this latest release,...

Vineet Batta here…..I am senior software development engineer in Information Security Tools team at Microsoft. Today I am going to share my experiences on encrypting data at rest.  Most organizations want to secure their HBI (High Business Impact...

Marius Grigoriu here… I’m the Product Manager for Risk Tracker and parts of the Connected Information Security Framework, some of the software we’re building for Microsoft Information Security and that we will frequently mention on this blog. The other...

Randy Evans here…I am a Principal Architect on the Information Security Tools team. During the Risk Tracker project (something well be talking more about in the coming weeks), we found that a natural hierarchy of roles was inherent in the RBA authorization...