security
Alan Myrvold has a new post on the Office 2010 engineering blog covering password complexity and related functionality in Office: http://blogs.technet.com/office2010/archive/2009/10/16/enabling-password-rules-for-office-2010.aspx
Read More...
My first article on the topic of security testing and risk management is now published in the March 2009 issue of Testing Experience magazine, pages 28-30. http://www.testingexperience.com/subscribe.php (free online subscription takes you to PDF download
Read More...
The Office security team typically targets memory-corruption bugs in the software like buffer overruns, integer overruns, and format strings... http://www.darkreading.com/document.asp?doc_id=159305
Read More...
J.D. Meier has posted a decent index of videos covering performance testing, ASP.NET 2.0, and VSTS: http://blogs.msdn.com/jmeier/archive/2007/11/22/videos-security-performance-testing-and-visual-studio-team-system.aspx
Read More...
The Unintended Consequences of the Information Age Lecture Series: Our Infrastructures: Online and Vulnerable? Jointly sponsored by The Center for Information Assurance and Cybersecurity, UW-INSER, the MS Program in Strategic Planning for Critical Infrastucture,
Read More...
"Click Here" http://blogs.msdn.com/jmeier/archive/2007/03/24/patterns-practices-security-videos.aspx
Read More...
Here's the link... http://www.cigital.com/silverbullet/show-006/
Read More...
"This web site exists to support the development of secure coding standards for commonly used programming languages such as C and C++. " https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards
Read More...
This article has an interesting peek into life at the Microsoft Security Response Center: http://redmondmag.com/features/article.asp?EditorialsID=616 "I'm at the shop and over the radio I hear: 'The Internet was taken down today by a worm affecting SQL
Read More...
Here's an interesting blog to watch courtesy the Open Source Software Lab @ Microsoft - http://port25.technet.com/ (for RSS - http://port25.technet.com/rss.aspx )
Read More...
Some good links if you want to check out some of the speakers and topics addressed at the last Microsoft bluehat conference: http://blogs.technet.com/bluehat/archive/2006/03/21/422707.aspx
Read More...
"In the ongoing battle to fight internal and external threats on the corporate desktop, IT staffers may be forgetting one very potent weapon in their arsenal—system lockdown." http://www.thechannelinsider.com/print_article2/0,1217,a=166172,00.asp If you
Read More...
There were two vendors at SecureWorld conference today in Bellevue that might be worth checking out if you are looking for developer/tester related security products. They should also be there tomorrow as well - free registration if you are just walking
Read More...
"a simple yet little-known approach exists for users to avoid many of these vulnerabilities in any web browser" http://www.securityfocus.com/infocus/1848
Read More...
Thank to .NET Delirium for pointing out this site: http://blogs.msdn.com/gduthie/archive/2005/09/01/459576.aspx
Read More...
