The Application Consulting & Engineering team (ACE Team) assesses all of Microsoft’s line of business applications for privacy and security vulnerabilities. Senior Security Technologist Talhah Mir discusses the Threat Analysis and Modeling tool he has designed
and which is being…
SQL Detect is a SQL injection filter in real-time mode. When a request happens in the application the tool applies different heuristics to the data and tries to identify the attack. After the request is validated it proceeds.
Maqbool Malik, from
Microsoft Information Security, describes how…
During this module, you will learn how Hyper-V compares with VMware in terms of handling Multi-tenancy and Security (Hyper-V Extensible Switch, Networking Performance and Security) as well as Flexible Infrastructure options such as Virtual Machine Mobility and Network Virtualization. [02:42] -…
Anil Revuru (RV), from
Microsoft Information Security, introduces the expansion of what used to be the Anti-XSS Library. But web vulnerabilities are not only around Cross-Site Scripting (XSS) attacks. This enhanced version of the library will introduce mitigation to other attacks
In this second of a series on what developers should know about SQL Server, Jim takes a brief look at SQL Injection attacks, how they occur and what types of things you can do (as well as things you shouldn’t do!) to eliminate your susceptibility to them.
Also mentioned are a number of third-party…
I'm posting this on behalf of
Andrew Fryer who usually posts to TechNet but today has something developer focused for us:
"Glenn Pittaway the Group Program Manager for the Secure development Lifecycle (SDL) talks about the past present and future of SDL. The SDL methodology is at the…
"Teens need more security," Dan Appleman says. Here's the other videos from Dan:
On a security crusade.
Where are teenagers feeling computing pain?
What are some security tips?
How does a teenager differ from a software developer?
You can read more from Dan on his blog.
Anil Revuru (RV), from
Microsoft Information Security, walks us through a configuration verification tool that will be part of a suite of tools that will help you assess your code as well as protect it. For more info watch the Assessment
& Protection (A&P) Suite video.WACA is designed to…
Security is not something we just add at the end of the implementation phase...it should be
baked into the application all the way from design.
Anmol Malhotra, from
Microsoft Information Security, provides more than enough reasons why Security Design Reviews make sense and why they are so…
Victoria Poncini, a Network Architect responsible for designing, architecting and implementing Microsoft’s global wireless solution speaks with us about How Microsoft Does Wireless. Authentication,
encryption, operational challenges, security risks such as rogue access points and goals for this…