April 2009 - Posts
Hi, Michael here. The following article, “Major software makers fail security transparency test,” caught my eye this morning because it covers a topic of great interest to me: companies documenting their security and privacy-related software development
Read More...
Hello, Michael Weiss here. Nothing like having two Michaels around to confuse everyone. At least there are only two here. On a previous team, I was one of five Michaels. Over the next several weeks, I’ll be posting a series of entries to help explain
Read More...
[Bryan here. We have a guest blogger this week: Chris Weber of Casaba Security will be talking about his company’s new free web application security auditing tool, Watcher. We on the SDL team are pretty excited about it, especially because it verifies
Read More...
Hi everyone, Bryan here. Most web application security experts frown on the practice of passing session or authentication tokens in a URL through the use of URL rewriting. Usually these tokens are passed between the server and the browser through HTTP
Read More...
Michael here... Security is a never-ending game of leapfrog as attackers work out ways around our defenses and we defenders constantly update defenses. At Microsoft, we always try to choose the most appropriate way to place one or more defenses; some defenses
Read More...