October 2008 - Posts
Hello, this is Scott Stender from iSEC Partners, one of the SDL Pro Network partners. As security consultants, we at iSEC work with a variety of companies to drive security throughout their development cycle. Clients with mature security processes ask
Hi, Michael here. No doubt you are aware of the out-of-band security bulletin issued by the Microsoft Security Response Center today, and like all security vulnerabilities, this is a vulnerability we can learn from and, if necessary, can use to shape
Jeremy Dallman here with a quick note about a code sanitizing tool we are making available to support one of the SDL requirements – Remove all Banned APIs from your code. This requirement was put in place to prevent use of certain older C runtime functions
Adam Shostack here. Last weekend, I was at a Security Modeling Workshop, where I presented a paper on “Experiences Threat Modeling at Microsoft,” which readers of this blog might enjoy. So please, enjoy! And while I’m at it, I wanted to draw attention
Hi, Matt Miller from Microsoft’s Security Science team here to talk about exploitation & mitigation. Over the past decade exploitation techniques have been developed and refined to the point that very little expertise has been needed to successfully