Jossie Tirado

Jossie

Total Posts: 16
Channel 9 Blog for Jossie
page 1 of 2

Web Application Configuration Analyzer (WACA)

Posted By: Jossie | Nov 20th @ 2:21 PM | Comments: 0
Web Application Configuration Analyzer (WACA)
Anil Revuru (RV), from Microsoft Information Security, introduces a configuration verification tool that will be part of a suite of tools that will help you assess your code as well as protect it. For more info watch the Assessment & Protection (A&P) Suite video.…[more ]
Tags: information security, infosec, ist, Security, Tools, waca

Assessment and Protection Suite

Posted By: Jossie | Nov 12th @ 9:21 AM | Comments: 0
Assessment and Protection Suite
Anil Revuru (RV) and Mark Curphey, from Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is called the Assessment & Protection (A&P) Suite and it includes the following tools:

  • Web Protection Library (WPL) – which includes Anti-XSS, SRE, mitigation of SQL Injection, CSRF among others
  • CAT.NET
    • <…[more ]
Tags: antixss, information security, infosec, ist, Security, Tools, wpl

Enhanced Web Protection Library

Posted By: Jossie | Nov 12th @ 9:21 AM | Comments: 0
Enhanced Web Protection&#38;nbsp;Library
Anil Revuru (RV), from Microsoft Information Security, introduces the expansion of what used to be the Anti-XSS Library. But web vulnerabilities are not only around Cross-Site Scripting (XSS) attacks. This enhanced version of the library will introduce mitigation to other attacks like:

  • SQL Injection
  • Cross-Site Request Forgery (CSRF)
  • Setting Enforcement like SSL & HTTP_ONLY cookies
    • <…[more ]
Tags: antixss, information security, infosec, ist, Security, Tools, wpl

Anti-XSS Library v3.1: Find, Fix, and Verify Errors

Posted By: Jossie | Sep 23rd @ 10:20 AM | Comments: 4
Anti-XSS Library v3.1: Find, Fix, and Verify&#38;nbsp;Errors
Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new features on the Anti-XSS Library v3.1 including HTML Sanitization which provides new methods to the Anti-XSS class to strip malicious characters or scripts off of HTML and returns safe HTML.

[more ]
Tags: ace, ace team, antixss, information security, infosec, ist, Security, Tools

Connected Information Security Framework: Core Components

Posted By: Jossie | Sep 23rd @ 10:19 AM | Comments: 0
Connected Information Security Framework: Core&#38;nbsp;Components
Marius Grigoriu and Vineet Batta, from Microsoft Information Security, talk about the technical components for the first version of Connected Information Security Framework (CISF). A software development framework comprising of API’s and reusable components that is designed to create bespoke or custom information security an…[more ]
Tags: cisf, information security, infosec, ist, Security, Tools

CISF: Build Custom Security Solutions

Posted By: Jossie | Sep 17th @ 8:31 PM | Comments: 0
CISF: Build Custom Security&#38;nbsp;Solutions
Mark Curphey and Marius Grigoriu, from Microsoft Information Security, talk about the release of the first version of Connected Information Security Framework (CISF).  A software development framework comprising of API’s and reusable components that is designed to create bespoke or custom information security and risk management solutions like Risk Tracker.[more ]
Tags: cisf, information security, infosec, ist, Security, Tools

SDL-LOB Phase 3: Implementation

Posted By: Jossie | Jul 20th @ 10:54 AM | Comments: 2
SDL-LOB Phase 3:&#38;nbsp;Implementation
The third phase of the SDL-LOB (Security Development Lifecycle for Line-of-Business applications) includes Implementation.[more ]
Tags: ace, ace team, development, information security, infosec, LOB, SDL, sdl-lob, Security

Anti-XSS 3.0 Released

Posted By: Jossie | Jul 15th @ 9:12 AM | Comments: 0
Anti-XSS 3.0&#38;nbsp;Released
Vineet Batta and Anil Revuru (RV), from Microsoft Information Security, talk about the release of the new version of the Anti-XSS library, which is designed to encode output to help developers protect their ASP.NET web-based applications from cross-site scripting attacks. …[more ]
Tags: ace, ace team, antixss, information security, infosec, ist, LOB, SDL, sdl-lob, Security, Tools

Silverlight 2 Security

Posted By: Jossie | Jul 13th @ 5:43 PM | Comments: 0
Silverlight 2&#38;nbsp;Security
The usage of Silverlight to provide users a rich internet experience continues to increase. As it becomes a key element on our web applications, it is good to keep in mind that it still runs code on the user's machine.…[more ]
Tags: ace, ace team, information security, infosec, Security, Silverlight 2

Threat Modeling LOB Applications with TAM 3.0

Posted By: Jossie | Jul 6th @ 3:38 PM | Comments: 0
Threat Modeling LOB Applications with TAM&#38;nbsp;3.0
Andrew Law, from Microsoft Information Security, walks us through the creation of a threat model for a line-of-business application using the Threat Analysis & Modeling tool version 3.0. This screencast includes the definition and purpose of a threat model as well as its alignment with the SDL-LOB.

[more ]
Tags: ace, ace team, information security, infosec, LOB, SDL, sdl-lob, Security, tam, threat modeling, Tools
page 1 of 2
Microsoft Communities