
Browse by Tags

All Tags » testing » security
Risk Management
My first article on the topic of security testing and risk management is now published in the March 2009 issue of Testing Experience magazine, pages 28-30. http://www.testingexperience.com/subscribe.php (free online subscription takes you to PDF download Read More...
Office Security Team
The Office security team typically targets memory-corruption bugs in the software like buffer overruns, integer overruns, and format strings... http://www.darkreading.com/document.asp?doc_id=159305 Read More...
Security & Perf Videos
J.D. Meier has posted a decent index of videos covering performance testing, ASP.NET 2.0, and VSTS: http://blogs.msdn.com/jmeier/archive/2007/11/22/videos-security-performance-testing-and-visual-studio-team-system.aspx Read More...
Information Assurance
The Unintended Consequences of the Information Age Lecture Series: Our Infrastructures: Online and Vulnerable? Jointly sponsored by The Center for Information Assurance and Cybersecurity, UW-INSER, the MS Program in Strategic Planning for Critical Infrastructure, Read More...
Patterns & Practices Security Videos
"Click Here" http://blogs.msdn.com/jmeier/archive/2007/03/24/patterns-practices-security-videos.aspx Read More...
Michael Howard on the Silver Bullet Security Podcast
Here's the link... http://www.cigital.com/silverbullet/show-006/ Read More...
the amazing live honey monkeys
Security researchers have all the fun. This paper describes how the Strider HoneyMonkey Exploit Detection system uses active client honeypots (AKA "honey monkeys") to find web sites that exploit browser vulnerabilities. ftp://ftp.research.microsoft.com/pub/tr/TR-2005-72.pd Read More...
How To Break Web Software
This is not a Microsoft sponsored talk, and the term "webinar" makes me cringe, but it might be worth it for testers in the crowd: "In this Webinar, the primary author of all three books of the "How to break.." series will take you on a journey through Read More...
static code analysis in the news
I remember a few years ago at a software quality conference in Portland telling people in the hallway after talks about these cool static code analysis tools we had, but then having to admit they were just internal. Fast forward to today, the news is Read More...
security kaizen
Some starting points for sharpening the security saw: Threat Modeling (MSDN) http://Channel9.Msdn.Com/Security (MSDN/Channel9/PAG security wiki) Read More...
thoughts on the future of dynamic code analysis
This really belongs in the comments field of my last blog post, but it turned out I had more thoughts to vent and this would make a monster of a comment, so here goes: What more could there be to dynamic analysis than code coverage and profiling? Probably Read More...
writing code that doesn't require admin privileges
An internal email discussion on how to help people write code that doesn't require administrative privileges yielded the following links, hope somebody out there finds this helpful: Top Ten Tips for Secure Testing (#1 tip - test as non-admin): http://www.microsoft.com/whdc/driver/security/test-tips.mspx Read More...