
May 2008 - Posts

SQL Injection Follow-up
Hi everyone, Bryan here. Michael wrote a great post here on SDL-required SQL injection defense techniques in the wake of the recent mass SQL injection attacks against ASP sites. Additionally, the Security Vulnerability Research & Defense blog has Read More...
SDL Training
Hi everyone, Shawn Hernan here. Being a security guy is incredibly rewarding because you get to look at virtually any part of a product, from kernel drivers to web services to user education to sales and servicing. You have to do that because a failure Read More...
Giving SQL Injection the Respect it Deserves
Hello, Michael here... You may have read recently about a large number of Web servers that were compromised through a SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromise Read More...
How Secure is Secure?
Hi folks, Eric Bidstrup here. As I touched on in my December posting on Common Criteria, and as Michael Howard discussed in his post on security metrics, trying to objectively quantify and measure “How secure is secure” is far more difficult than one Read More...
SDL and the OWASP Top Ten
Hi everyone, Bryan here. I’m speaking at BlueHat today and tomorrow about some of my experiences as a new Security PM here at Microsoft. I’d like to take this week’s blog entry to share some of my presentation with those of you that can’t make it in person. Read More...