VIDEOS

Applying Microsoft SDL Implementation Practices within Windows Azure | TechNet Video

Run Time:33:08 Uploaded:1/18/2011 Presenter: Embed:Get CodeShare it:

<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/da4120e6-7f4a-4d5f-a324-049150a713dd.mp4" width="800px" height="600px"></embed>

In this video, Peter Oehlert, Senior Security Consultant, iSEC Partners, explains how the Implementation phase of the Microsoft SDL applies to buildin...

Read more

In this video, Peter Oehlert, Senior Security Consultant, iSEC Partners, explains how the Implementation phase of the Microsoft SDL applies to building Windows Azure application. He starts first by defining both the similarities and key differences between implementation of on-premises solutions and Windows Azure-based applications. Following the theme of Peter’s previous theory video, Peter dives into specific tools that can be of use to secure implementation of applications on Windows Azure, including Checkmarx, Coverity and Veracode. The conversation then moves to properly implementing defenses against usual web threats (SQL injection, XSS, authentication, etc.) in the Windows Azure web applications.

October 2013 Security Bulletin Webcast | TechNet Video

Run Time:37:25 Uploaded:10/14/2013 Presenter: Embed:Get CodeShare it:

<embed src="http://content2.catalog.video.msn.com/e2/ds/33981985-e71a-4691-b9e1-e06e4b2a7442.mp4" width="800px" height="600px"></embed>

Take a closer look at this month's Microsoft Security Bulletins in this video taped from a live broadcast September 11th. Hosts Dustin Childs and Jona...

Read more

Take a closer look at this month's Microsoft Security Bulletins in this video taped from a live broadcast October 9th. Hosts Dustin Childs and Jonatha...

Update Tuesday Overview: October 2013 | TechNet Video

Run Time:02:33 Uploaded:10/08/2013 Presenter: Embed:Get CodeShare it:

<embed src="http://content5.catalog.video.msn.com/e2/ds/698708bd-c700-43d9-a8a7-1155d6fd493f.mp4" width="800px" height="600px"></embed>

Get a high-level overview of this month's eight Microsoft security bulletins. Dustin Childs from Microsoft Trustworthy Computing takes you through the...

Read more

Get a high-level overview of this month's eight Microsoft security bulletins. Dustin Childs from Microsoft Trustworthy Computing takes you through the updates.

September 2013 Security Bulletin Webcast | TechNet Video

Run Time:34:59 Uploaded:09/13/2013 Presenter: Embed:Get CodeShare it:

<embed src="http://content2.catalog.video.msn.com/e2/ds/33981985-e71a-4691-b9e1-e06e4b2a7442.mp4" width="800px" height="600px"></embed>

Take a closer look at this month's Microsoft Security Bulletins in this video taped from a live broadcast September 11th. Hosts Dustin Childs and Jona...

Read more

Take a closer look at this month's Microsoft Security Bulletins in this video taped from a live broadcast September 11th. Hosts Dustin Childs and Jonathan Ness provide details that should prove helpful for deployment of these important updates.

Applying Microsoft SDL Implementation Practices within Windows Azure | TechNet Video

Run Time:33:08 Uploaded:01/18/2011 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/da4120e6-7f4a-4d5f-a324-049150a713dd.mp4" width="800px" height="600px"></embed>

In this video, Peter Oehlert, Senior Security Consultant, iSEC Partners, explains how the Implementation phase of the Microsoft SDL applies to building...

Read more

In this video, Peter Oehlert, Senior Security Consultant, iSEC Partners, explains how the Implementation phase of the Microsoft SDL applies to building Windows Azure application. He starts first by defining both the similarities and key differences between implementation of on-premises solutions and Windows Azure-based applications. Following the theme of Peter’s previous theory video, Peter dives into specific tools that can be of use to secure implementation of applications on Windows Azure, including Checkmarx, Coverity and Veracode. The conversation then moves to properly implementing defenses against usual web threats (SQL injection, XSS, authentication, etc.) in the Windows Azure web applications.

Applying Microsoft SDL Release Practices within Windows Azure | TechNet Video

Run Time:08:04Uploaded:01/18/2011 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/659f8a4a-254e-4917-b072-209c2a681e05.mp4"; width="800px" height="600px"></embed>

In this video, Jason Glassberg, Co-Founder, Casaba, speaks about the Release phase of the Microsoft SDL and how to apply the Microsoft SDL release pha...

Read more

In this video, Jason Glassberg, Co-Founder, Casaba, speaks about the Release phase of the Microsoft SDL and how to apply the Microsoft SDL release phase practices to applications built on top of Windows Azure. Jason explains that the Microsoft SDL can apply to any cloud-based deployment, but focuses on Windows Azure, explaining that the steps are very similar to a typical on-premises application (File an Incident Response Plan, Perform a Final Security Review and Release Archive). In Azure, the importance of understanding of the platform is doubly-important in preparing an Incident Response Plan because rollback and stopping of deployment is vastly simpler than in on-premises or full-platform hosted deployment. Because Azure makes it so simple to deploy applications, Jason emphasizes the importance of reviewing the deployment and securing deployment-related artifacts such as management accounts, access to Service Management API and SSL certificates used by applications.

Microsoft SDL Release Phase: Security Practices | TechNet Video

Run Time:06:17 Uploaded:01/18/2011Presenter:Embed:Get CodeShare it:

<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/70e1fc18-c60e-4734-a02c-6becae66750c.mp4" width="800px" height="600px"></embed>

In this video, Jason Glassberg, Co-Founder, Casaba, discusses the three security practices of the Microsoft SDL Release phase. Jason talks about the p...

Read more

In this video, Jason Glassberg, Co-Founder, Casaba, discusses the three security practices of the Microsoft SDL Release phase. Jason talks about the planning for post-release contingencies by creating a well thought-out incident response plan, then stresses the importance of the application of a Final Security Review, its outcomes and mitigation of any outstanding issues. Finally he discusses the archiving of all pertinent information and data to allow for post-release servicing of the software.

Microsoft SDL Implementation Phase: Security Practices

Run Time:36:37 Uploaded:12/15/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/896e9074-b9f5-4b45-8b3e-15ca311468b3.mp4" width="800px" height="600px"></embed>

In this video, Peter Oehlert, Senior Security Consultant, iSEC Partners, discusses the implementation security practices of the “Implementation” phase... 

Read more

In this video, Peter Oehlert, Senior Security Consultant, iSEC Partners, discusses the implementation security practices of the “Implementation” phase of the Microsoft SDL. Peter uses the definition of what makes secure code as a point of departure, explaining then the benefits of the ease and repeatability the Microsoft SDL process brings to creation of such code. Peter then covers importance of proper usage of tools that are used during the Implementation Phase and dives into discussion of IDEs, compilers, parsers, linkers and static analysis applications.Related resources:Whitepaper: The Simplified Implementation of the Microsoft SDL Microsoft Security Development Lifecycle Security Talk Series Webcast Check out Windows Azure Subscriptions.

Microsoft SDL Verification Phase: Security Practices

Run Time:21:44 Uploaded:12/15/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/20dc31dc-72c0-497e-a83d-4773b38bb52f.mp4" width="800px" height="600px"></embed>

In this video, Aviram Jenik, CEO, Beyond Security, talks about processes that help build secure systems, focusing on the Verification phase of the Mic...

Read more

In this video, Aviram Jenik, CEO, Beyond Security, talks about processes that help build secure systems, focusing on the Verification phase of the Microsoft Security Development Lifecycle. Aviram discusses the concept of “black box” testing, explains the importance of testing data entry endpoints with good, bad and fuzzed input, and points to the tools that can assist with these tasks. On a practical side, Aviram shows a detailed demo of “JPG fuzzing”, generating malformed images, and identifying vulnerabilities in image processing application.

Applying Microsoft SDL Requirements Practices within Windows Azure

Run Time:17:07 Uploaded:12/14/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/11945b56-0c91-4ccf-b09a-fda88fa6be4e.mp4" width="800px" height="600px"></embed>

In this video, Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about applying Microsoft SDL Requirements s...

Read more

In this video, Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about applying Microsoft SDL Requirements security practices to applications built on top of Windows Azure, focusing on the “Requirements” phase. Chris and Robert stress the similarities of Windows Azure applications to regular web applications, explaining that you won’t be operating in an entirely new environment, talk about decreased need to focus on infrastructure and platform and increased focus on securing the application layer. The presenters explain the similarities and differences in planning for security and privacy when deploying to Windows Azure, and explain how to map the existing and new risks to the cloud-based environment.Related resources:Whitepaper: The Simplified Implementation of the Microsoft SDL http://go.microsoft.com/?linkid=9708425 Whitepaper: Security Best Practices for Developing Windows Azure Applications http://go.microsoft.com/?linkid=9751872 Microsoft Security Development Lifecycle http://www.microsoft.com/security/sdl Security Talk Series webcasts www.microsoft.com/events/series/securitytalk Check out Windows Azure Subscriptions bit.ly/AzurePromo

Applying Microsoft SDL Verification Practices within Windows Azure

Run Time:18:43 Uploaded:12/14/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/1cae5666-e36f-4e7f-9bf3-3cee7f3951de.mp4" width="800px" height="600px"></embed>

In this video, Aviram Jenik, CEO, Beyond Security, talks about applying Microsoft SDL to applications built on top of Windows Azure applications, focu...

Read more

In this video, Aviram Jenik, CEO, Beyond Security, talks about applying Microsoft SDL to applications built on top of Windows Azure applications, focusing on the Verification phase of the Microsoft Security Development Lifecycle. Aviram explains how “black box” testing concept is increasingly relevant in the world of cloud-based applications, mentions classic user input attacks such as SQL injection and Cross Site Scripting (XSS), and enumerates different inputs that should be focused on with Windows Azure-based applications.

Microsoft SDL Requirements Phase: Security Practices

Run Time:12:32 Uploaded:12/14/2010 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/3d2324be-efe4-4e27-a5de-e29bbddb9c52.mp4" width="800px" height="600px"></embed>

In this video, Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about the security practices of the “Requir...

Read more

In this video, Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about the security practices of the “Requirements” phase of the Microsoft SDL. Chris and Robert explain the benefits of following the Microsoft SDL to building more secure, reliable, and standard-compliant software.Related resources:Whitepaper: The Simplified Implementation of the Microsoft SDL http://go.microsoft.com/?linkid=9708425 Microsoft Security Development Lifecycle http://www.microsoft.com/security/sdl Security Talk Series webcasts www.microsoft.com/events/series/securitytalk

Code Analysis for C/C++

Run Time:09:54 Uploaded:12/07/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/e66547b2-5a25-4792-9e5a-35c6f3366ba2.mp4" width="800px" height="600px"></embed>

Watch this short video to learn more about Code Analysis for C++. The C/C++ Code Analysis tool is a static analyzer that is provided with the installa...

Read more

Watch this short video to learn more about Code Analysis for C++. The C/C++ Code Analysis tool is a static analyzer that is provided with the installation of Visual Studio Team System or Visual Studio Team Suite, that provides information to developers about possible vulnerabilities in their C/C++ source code. Common coding errors reported by the tool include buffer overruns, un-initialized memory, null pointer dereferences, and memory and resource leaks.

Microsoft SDL Design Phase: Security Practices

Run Time:50:26 Uploaded:12/09/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/48a87adf-5a43-4a9b-97e5-e769892fbf80.mp4" width="800px" height="600px"></embed>

In this video, Joe Basirico, Director of Security Services, Security Innovation, speaks about the “Design” phase of the Microsoft SDL. Joe explains ho...

Read more

In this video, Joe Basirico, Director of Security Services, Security Innovation, speaks about the “Design” phase of the Microsoft SDL. Joe explains how designing secure systems sometimes requires thinking “backwards” - instead of focusing on features of what the system should do, one should think of what the system should NOT do. Taking this as a departing point, Joe dives into a discussion of foundational design principles of building secure software, including least privilege, compartmentalization, input validation, auditing and logging, cryptography and avoiding the “Not Invented Here” trap.

Anti-Cross Site Scripting (XSS) Library

Run Time:10:58 Uploaded:12/07/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/93563e6b-d03e-411a-8d99-aa7a435fc3f9.mp4" width="800px" height="600px"></embed>

Watch this short video to learn about Anti-XSS library. It's one of many tools available in the Microsoft SDL Toolset that can help you automate and i...

Read more

Watch this short video to learn about Anti-XSS library. It's one of many tools available in the Microsoft SDL Toolset that can help you automate and implement the Microsoft SDL Process Guidance.

Banned.h Header File

Run Time:04:16 Uploaded:12/07/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/978041da-45b5-451c-a590-6674b879c787.mp4" width="800px" height="600px"></embed>

Watch this short video to learn more about the Banned.h header file. Banned.h header file is one of the many free resources in the Microsoft SDL Tools...

Read more

Watch this short video to learn more about the Banned.h header file. Banned.h header file is one of the many free resources in the Microsoft SDL Toolset. The banned.h header file is a sanitizing resource, which supports the Microsoft SDL requirement to remove banned functions from code. It lists all banned APIs and allows any developer to locate them in code.

Code Analysis for C/C++

Run Time:09:54 Uploaded:12/07/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/e66547b2-5a25-4792-9e5a-35c6f3366ba2.mp4" width="800px" height="600px"></embed>

Watch this short video to learn more about Code Analysis for C++. The C/C++ Code Analysis tool is a static analyzer that is provided with the installa...

Read more

Watch this short video to learn more about Code Analysis for C++. The C/C++ Code Analysis tool is a static analyzer that is provided with the installation of Visual Studio Team System or Visual Studio Team Suite, that provides information to developers about possible vulnerabilities in their C/C++ source code. Common coding errors reported by the tool include buffer overruns, un-initialized memory, null pointer dereferences, and memory and resource leaks.

FxCop

Run Time:05:37 Uploaded:12/07/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/71702652-adcd-4b06-8b2b-0fe1e0d93645.mp4" width="800px" height="600px"></embed>

Watch this short video to learn more about the BinScope Binary Analyzer tool. BinScope is one of the many free tools available as part of the Microsof...

Read more

Watch this short video to learn more about the BinScope Binary Analyzer tool. BinScope is one of the many free tools available as part of the Microsoft SDL Toolset. BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, up-to-date build tools are in place, and the latest good ATL headers are being used. BinScope also reports on dangerous constructs that are prohibited by SDL.

MSF-Agile + SDL Process Template

Run Time:06:30 Uploaded:12/07/2010 Presenter: Embed:Get CodeShare it:

<embed src="http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/de0fb4da-39a6-434e-8321-4f79b867717a.mp4" width="800px" height="600px"></embed>

Watch this short video to learn more about the MSF-Agile+SDL Process Template. The MSF-Agile+SDL Template is one of many templates and tools available...

Read more

Watch this short video to learn more about the MSF-Agile+SDL Process Template. The MSF-Agile+SDL Template is one of many templates and tools available to help you implement the Microsoft SDL. MSF-Agile+SDL Process Template is a Team Foundation Server downloadable template that automatically incorporates the policy, process and tools associated with the SDL for Agile development guidance into the familiar Microsoft Solutions Framework (MSF) for Agile software development (MSF-Agile) process template that ships with Visual Studio Team System.

SDL Process Template

Run Time:07:28 Uploaded:12/07/2010 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/9a266d70-0b69-4e84-8960-ec55ac36a954.mp4" width="800px" height="600px"></embed>

Watch this short video to learn more about the BinScope Binary Analyzer tool. BinScope is one of the many free tools available as part of the Microsof... 

Read more

Watch this short video to learn more about the SDL Process Template. The SDL Process Template is one of many free templates and tools available in the Microsoft SDL Toolset. The SDL Process teamplate is a downloadable template that leverages the technology of Visual Studio Team System (VSTS) and Team Foundation Server (TFS) to automatically integrate the policy, process and tools associated with the Security Development Lifecycle version into your software development environment.

SDL Threat Modeling Tool

Run Time:10:33 Uploaded:12/07/2010 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/12091545-a1a4-4514-9081-d5b48f675769.mp4" width="800px" height="600px"></embed>

Watch this short video to learn more about the SDL Threat Modeling tool. The SDL Threat Modeling Tool is one of many free tools made available as part... 

Read more

Watch this short video to learn more about the SDL Threat Modeling tool. The SDL Threat Modeling Tool is one of many free tools made available as part of the SDL Toolset. The SDL Threat Modeling Tool is the first threat modeling tool which isn't designed for security experts. It makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models.

SiteLock ATL (Active Library Template)

Run Time:05:16 Uploaded:12/07/2010 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/ae854400-f2ab-4d46-888c-5127fc816c21.mp4" width="800px" height="600px"></embed>

Watch this short video to learn more about the SiteLock ATL (Active Library Template). SiteLock ATL is one of the many free templates and tools that a... 

Read more

Watch this short video to learn more about the SiteLock ATL (Active Library Template). SiteLock ATL is one of the many free templates and tools that are available as part of the Microsoft SDL Toolset. The SiteLock ATL template enables an ActiveX developer to restrict access so that a control is only deemed safe when used in a predetermined list of domains. This limits the ability of Web page authors to reuse the control for malicious purposes.

BinScope Binary Analyzer

Run Time:06:14Uploaded:12/06/2010 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/28ec6268-6572-46d9-ba1c-41ab3e040818.mp4" width="800px" height="600px"></embed>

Watch this short video to learn more about the BinScope Binary Analyzer tool. BinScope is one of the many free tools available as part of the Microsof...

Read more

Watch this short video to learn more about the BinScope Binary Analyzer tool. BinScope is one of the many free tools available as part of the Microsoft SDL Toolset. BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, up-to-date build tools are in place, and the latest good ATL headers are being used. BinScope also reports on dangerous constructs that are prohibited by SDL.

CAT.NET

Run Time:04:59 Uploaded:12/06/2010 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/a2e325a7-d31e-4f52-b293-b60dcbcd3790.mp4" width="800px" height="600px"></embed>

Watch this short video on CAT.NET. CAT.NET tool is one of the many free tools that are available as part of the Microsoft SDL Toolset. It's available ...

Read more

Watch this short video on CAT.NET. CAT.NET tool is one of the many free tools that are available as part of the Microsoft SDL Toolset. It's available in both 32-bit and 64-bit versions. CAT.NET is a command line tool that helps you identify security flaws within a managed code (C#, Visual Basic .NET, J#) application you are developing. It does so by scanning the binary and/or assembly of the application, and tracing the data flow among its statements, methods, and assemblies. CAT.NET also helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection, and XPath Injection.

MiniFuzz File Fuzzer

Run Time:06:23 Uploaded:12/06/2010 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/dbcab1b4-0bbc-430f-8494-15cb2d59b6ac.mp4" width="800px" height="600px"></embed>

Watch this short video on MiniFuzz File Fuzzer. MiniFuzz is one of the many free tools that are available as part of the Microsoft SDL Toolset. MiniFu...

Read more

Watch this short video on MiniFuzz File Fuzzer. MiniFuzz is one of the many free tools that are available as part of the Microsoft SDL Toolset. MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected and potentially insecure application behaviors.

SDL Regex Fuzzer

Run Time:37:25 Uploaded:10/14/2013 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/9117537e-87e8-44aa-a46e-707d77c38e4d.mp4" width="800px" height="600px"></embed>

Watch this short video to learn more about SDL Regex Fuzzer. SDL Regex Fuzzer is one of the many free tools in the Microsoft SDL Toolset. Regex Fuzzer...

Read more

Watch this short video to learn more about SDL Regex Fuzzer. SDL Regex Fuzzer is one of the many free tools in the Microsoft SDL Toolset. Regex Fuzzer can help test regular expressions for these potential vulnerabilities. Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition.

SDL Tools Overview

Run Time:02:41 Uploaded:12/06/2010 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/998c2518-1a9a-4ea6-961c-89de2ac2ade6.mp4" width="800px" height="600px"></embed>

Watch this short video on the Microsoft SDL Toolset overview. Doug Cavit, from the Microsoft SDL engineering team, explains why IT executives and mana...

Read more

Watch this short video on the Microsoft SDL Toolset overview. Doug Cavit, from the Microsoft SDL engineering team, explains why IT executives and managers should encourage their development teams to download the SDL Implementation guidance and SDL tools to see how they can implement a software security assurance process such as the Microsoft SDL. The Microsoft SDL toolset is meant to work together to help a company implement all the phases of the Microsoft SDL from requirements to software release. The Microsoft SDL toolset and process guidance are both FREE to download by our customers from the Microsoft SDL website. All the tools in the Microsoft SDL toolset are meant to work together, so that companies can write secure software easier.

Simplified Implementation of the Microsoft SDL

Run Time:24:29 Uploaded:12/06/2010 Presenter: Security Embed:Get CodeShare it:

<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/dc708182-20e8-4658-8944-4b47d56c8503.mp4" width="800px" height="600px"></embed>

This video helps to illustrate the core concepts of the Microsoft Security Development Lifecycle (SDL) and discusses the individual security activitie...

Read more

This video helps to illustrate the core concepts of the Microsoft Security Development Lifecycle (SDL) and discusses the individual security activities that should be performed in order to claim compliance with the SDL process.

Security Development Lifecycle for Agile | TechNet Edge

Run Time:06:15 Uploaded:12/09/2009 Presenter: Embed:Get CodeShare it:

<embed src="http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/7772aef0-e6a6-4b9b-acf7-119d712393ea.wmv" width="800px" height="600px"></embed>

Bryan Sullivan, Senior Security Program Manager for Microsoft, illustrates how teams can ensure applications developed with rapid release cycles are s...

Read more

Bryan Sullivan, Senior Security Program Manager for Microsoft, illustrates how teams can ensure applications developed with rapid release cycles are still developed in a secure manner. Many development organizations use Agile software development methodologies to build their applications, yet Agile – just like every other development methodology – does not inherently produce secure deliverables. Secure development practices need to be “baked-in” throughout every iteration or sprint. The Security Development Lifecycle for Agile (SDL-Agile) process defines a set of activities that development teams can follow to reduce security vulnerabilities. SDL-Agile also specifies the conditions and frequencies with which these activities should be performed, in order to optimize the security of the delivered product and to ensure that teams have the time and freedom to innovate and create new features. You can find additional information on SDL-Agile here: http://msdn.microsoft.com/en-us/library/ee790621.aspx

Client and Cloud Security | TechNet Edge

Run Time:07:24Uploaded:12/08/2009Presenter:Embed:Get CodeShare it:

<embed src="http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/eec9e79b-0232-475d-a3fc-838b8dd7cd87.wmv" width="800px" height="600px"></embed>

Steve Lipner, Senior Director of Security Engineering Strategy for Microsoft's Trustworthy Computing group talks about client and cloud secuirty....

Read more

Steve Lipner, Senior Director of Security Engineering Strategy for Microsoft's Trustworthy Computing group talks about client and cloud secuirty.

BinScope Overview and Demo | TechNet Edge

Run Time:08:49Uploaded:09/16/2009Presenter:Embed:Get CodeShare it:

<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/28ec6268-6572-46d9-ba1c-41ab3e040818.mp4" width="800px" height="600px"></embed>

This brief video gives a brief overview of the BinScope Binary Analyzer and then walks through how to configure and use BinScope to analyze an applica...

Read more

This brief video gives a brief overview of the BinScope Binary Analyzer and then walks through how to configure and use BinScope to analyze an application within Visual Studio. The walkthrough demonstrates integration with TFS and the SDL Process Template, showing easy creation of work items from detected problems. Download BinScope here and begin leveraging the verification capabilities of BinScope immediately. Learn more about the Microsoft Security Development Lifecycle (SDL) and tools Microsoft has published at the SDL Tool Repository site.

MiniFuzz Overview and Demo | TechNet Edge

Run Time:07:39Uploaded:09/16/2009Presenter:Embed:Get CodeShare it:

<embed src="http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/dbcab1b4-0bbc-430f-8494-15cb2d59b6ac.mp4" width="800px" height="600px"></embed>

This brief video gives a brief overview of the MiniFuzz File Fuzzer and then walks through how to configure and use MiniFuzz to perform fuzz testing o... 

Read more

This brief video gives a brief overview of the MiniFuzz File Fuzzer and then walks through how to configure and use MiniFuzz to perform fuzz testing on an application. The walkthrough launches MiniFuzz as an add-on to Visual Studio and demonstrates integration with TFS, showing automatic creation of work items from detected crashes. Download MiniFuzz here to get started with this easy to use file fuzzing tool. Learn more about the Microsoft Security Development Lifecycle (SDL) and tools Microsoft has published at the SDL Tool Repository site.


SDL VIDEOS

Page1of 4
Run Time: 50:26
Uploaded: 12/09/2010
Microsoft SDL Design Phase: Security Practices
Run Time: 10:58
Uploaded: 12/07/2010
Anti-Cross Site Scripting (XSS) Library
Run Time: 04:16
Uploaded: 12/07/2010
Banned.h Header File
Run Time: 09:54
Uploaded: 12/07/2010
Code Analysis for C/C++
Run Time: 05:37
Uploaded: 12/07/2010
FxCop
Run Time: 06:30
Uploaded: 12/07/2010
MSF-Agile + SDL Process Template
Run Time: 06:30
Uploaded: 12/07/2010
SDL Process Template
Run Time: 10:33
Uploaded: 12/07/2010
SDL Threat Modeling Tool
Run Time: 05:16
Uploaded: 12/07/2010
SiteLock ATL (Active Library Template)
Run Time: 06:14
Uploaded: 12/06/2010
BinScope Binary Analyzer
Run Time: 04:59
Uploaded: 12/06/2010
CAT.NET
Run Time: 06:23
Uploaded: 12/06/2010
MiniFuzz File Fuzzer
Run Time: 06:40
Uploaded: 12/06/2010
SDL Regex Fuzzer
Run Time: 02:41
Uploaded: 12/06/2010
SDL Tools Overview
Run Time: 24:29
Uploaded: 12/06/2010
Simplified Implementation of the Microsoft SDL
Run Time: 08:49
Uploaded: 09/16/2009
BinScope Overview and Demo | TechNet Edge
Run Time: 07:39
Uploaded: 09/16/2009
MiniFuzz Overview and Demo | TechNet Edge