Welcome to MSDN Blogs Sign in | Join | Help

October 2007 - Posts

First Line of Defense for Web Applications – Part 3

Precaution: Are you consuming Unexpected Input Technology is developing fast and web programming languages are coming up with features or ways to ease the job of our developers. Although it brings a smile on developers face, there is a flip side to this. Read More...
Posted Tuesday, October 30, 2007 2:53 PM by techjunkie | 4 Comments
Filed under:

Weekend Security Reading Round up Links 10/27/07

Microsoft Research Reveals New Trends in Cybercrime This is well worth reading if you're in Info Sec... I particularly was nodding my head violently yes when I read the following: "The research indicates there are tensions within organizations over Read More...
Posted Saturday, October 27, 2007 1:21 AM by techjunkie | 1 Comments

Some technical details on how XSSDetect does Dataflow Analysis

Hi, my name is Hassan Khan. I work for the ACE Engineering Team, which is a part of the ACE (Application Consulting & Engineering) Team . We develop tools and solutions to help secure Microsoft Line of Business applications, websites and also work Read More...
Posted Tuesday, October 23, 2007 11:41 PM by techjunkie | 7 Comments
Filed under: ,

First Line of Defense for Web Applications – Part 2

Hello everyone, as promised I am back with the next post on input validation series for web applications. Knowledge is power right :). So knowing what all things to validate when you start your web project can save you a lot of headache down the road. Read More...
Posted Monday, October 22, 2007 9:02 PM by techjunkie | 2 Comments
Filed under:

Weekend Security Reading Round up Links - 10/20/07

Inside the Matrix for Mobiles A pretty interesting concept: hack together a platform for connecting the innards of over one hundred different types of cell phones and then connect them to servers allowing virtual access for testing purposes over the Internet. Read More...
Posted Saturday, October 20, 2007 1:40 AM by techjunkie | 1 Comments
Filed under: ,

First Line of Defense for Web Applications – Part 1

Hi folks, I am Anmol Malhotra and I work with ACE Services Team as a security consultant. There are lots of security principles which one should be aware of while developing software but at the heart of any secure application, there should be a first Read More...
Posted Friday, October 12, 2007 11:27 PM by techjunkie | 4 Comments
Filed under:

Weekend Security Reading Round up Links - 10/12/07

All about the data: IT security starts with a data-centric worldview ACE Team's Roger A. Grimes has posted a great summary of the importance of having a data-centric way of looking at things for computer/information security to work in an IT environment. Read More...
Posted Friday, October 12, 2007 10:55 PM by techjunkie | 2 Comments
Filed under: ,

Securing the Gateway to Your Enterprise: Web Services

Eugene Siu, a Senior Security Consultant on the ACE Team has just published a great article summarizing some of the pitfalls and issues around web services security. You can read the whole article here. -techjunkie Read More...
Posted Friday, October 12, 2007 10:04 PM by techjunkie | 1 Comments
Filed under:

Mark Curphey joins Microsoft's ACE Team

We're super excited to have Mark aboard, Mark was formerly running FoundStone Consulting and also founded OWASP . Here's Mark's note about joining and you can also check out Mark's own blog here. -techjunkie Read More...
Posted Monday, October 08, 2007 10:25 AM by techjunkie | 1 Comments
Filed under:

Weekend Security Reading Round up Links - 10/5/07

What's hot in Microsoft security: White lists; Blue hats A discussion on Symantec’s proposal to whitelist everything on a Windows box as well as a summary of Microsoft’s Bluehat 10 Microsoft Security Links to Blow Your Mind Pretty self explanatory, no? Read More...
Posted Friday, October 05, 2007 11:37 AM by techjunkie | 2 Comments
Filed under: ,

The difference between pentesting and an application development security process Part I

Many times when we’re speaking with a customer or reviewing material from security vendors, the inclination we’ve seen is to rely on penetration testing or code analysis/scanning tools and other solutions to make up for the fact that there is no comprehensive Read More...
Posted Thursday, October 04, 2007 10:13 PM by techjunkie | 3 Comments

Welcome, finally.

Over the last several weeks after launching this blog we’ve had several logistical issues to deal with and I’m hoping all of those are now addressed so we can get on with what you’ve been asking for, some great content!! Initially I had named the blog Read More...
Posted Thursday, October 04, 2007 10:04 PM by techjunkie | 8 Comments
Filed under:
 
Page view tracker