Browse by Tags
All Tags »
Security (RSS)
In an effort to enable organizations to have a predictable and timely schedule around patches, Microsoft implements a process whereby patches to software are released on the second Tuesday of each month. Out-of-band hotfixes are rare and are released
Read More...
Earlier today at Microsoft Tech·Ed EMEA 2008 - Developer in Barcelona, we announced the launch of the SDL Optimization Model , SDL Pro Network and the Microsoft SDL Threat Modeling Tool 3.1 Beta ! You can read more about this announcement here or you
Read More...
The realDEVELOPMENT_07 tour is coming to a Canadian city near you, and the focus is helping you be successful in your day to day jobs. This half day event will provide you with cool tips, tricks and tools to help you tackle the real Web development challenges
Read More...
My Chat With Dana Epp (MP3) Dana Epp is one of my heroes. I'm a big fan of his blog and have been following his community involvement for the past three years. Earlier today, I got a chance to chat with Dana about security. More specifically, we chatted
Read More...
Thanks to everybody who was able to attend my security webcast. As promised, here are some resources you can use to better understand what the SDL can do for you! Tools: (The ones I used during the webcast) Microsoft Threat Analysis & Modeling Tool
Read More...
To celebrate the consumer launch of Windows Vista on January 30 2007, Microsoft Canada built a Digital Ice House at the corner of Dundas and Yonge Street in Toronto, in the middle of Dundas Square. Here are some photos with highlights from the event which
Read More...
Wow! It was great to see such a high attendance and have it be sustained through three sessions and four hours in total. The three sessions were: Hacking Revealed presented by Dan Sellers (me) Mitigation and Detection by Kevin Lam Threat Modeling by Deepak
Read More...
I would recommend that you share this post on the http://blogs.msdn.com/S4CD with anyone that automatically cite resources as an excuse for not writing secure code. This is an extremely well documented example of how a small team can developer secure
Read More...
MSDN Canada has created a new blog dedicated 100% to Security for Canadian Developers. Hence the initials in the name of S4CD and the full address is http://blogs.msdn.com/S4CD This blog will consist of guest bloggers from some of the leading Security
Read More...
The on-demand Webcast of SQL Server 2005 for Developers, conducted on March 22, 2006, by Rob Walters--Program Manager, SQL Server Security-- and I, is now available for on-demand viewing . Post Notes from this Webcast can be found at my blog . Look forward
Read More...
This morning was a jammed filled session covering off a lot of changes made to Microsoft SQL Server 2005. Over the last few weeks we talk exclusively about Front End security issues such as Input trust and the creation of a Development and Design environment
Read More...
In today’s webcast we had the opportunity to explore the buffer overrun attack in depth which is considered one of the worst vulnerabilities that exist. Any code that is written in C or C++ --without proper security code reviews--on any platform is susceptible
Read More...
In today's Webcast we first started off with a continuation from last week . Last week we explored how to setup a development and design environment that closely emulates your production environment to make your testing more effective and efficient. This
Read More...
In a recent post I mentioned that Microsoft released a new Anti-Cross Site Scripting Tool. However, at the time the library only worked with ASP.NET 2.0 applications. Today, the Library has been updated and now works with .NET Framework 1.0, 1.1 and 2.0.
Read More...
On Wednesday March 1, I conducted part one of a five part series titled "Security on the Brain". The goal of this series of WebCasts is to examine some of the tools and security features that have been incorporated into either the .NET Framework 2.0 or
Read More...
