- Filter by:
- allAll
- |
- sdl_roiSDL ROI
- |
- sdl_progress_reportSDL Progress Report
- |
- toolsTools
- |
- cloudCloud
- |
- eventsEvents
- |
- videoVideos
Video
Anti-Cross Site Scripting (XSS) Library
Video
Watch this short video to learn about Anti-XSS library. It’s one of many tools available in the Microsoft SDL Toolset that can help you automate and implement the Microsoft SDL Process Guidance.
play videoMSF-Agile + SDL Process Template
Video
Watch this short video to learn more about the MSF-Agile+SDL Process Template. The MSF-Agile+SDL Template is one of many templates and tools available to help you implement the Microsoft SDL. MSF-Agile+SDL Process Template is a Team Foundation Server downloadable template that automatically incorporates the policy, process and tools associated with the SDL for Agile development guidance into the familiar Microsoft Solutions Framework (MSF) for Agile software development (MSF-Agile) process template that ships with Visual Studio Team System.
play videoFxCop
Video
Watch this short video to learn more about FxCop. FxCop is a tool that performs static code analysis of .NET code. It provides hundreds of rules that perform various types of analysis, to include Design, Globalization, Interoperability, Maintainability, Mobility, Naming, Performance, Portability, Reliability, Security, and Usage. For more detailed information please consult the Visual Studio 2010 MSDN documentation. The FxCop functionality is fully integrated into Visual Studio 2010 Premium and Ultimate editions.
play videoCode Analysis for C/C++
Video
Watch this short video to learn more about Code Analysis for C++. The C/C++ Code Analysis tool is a static analyzer that is provided with the installation of Visual Studio Team System or Visual Studio Team Suite, that provides information to developers about possible vulnerabilities in their C/C++ source code. Common coding errors reported by the tool include buffer overruns, un-initialized memory, null pointer dereferences, and memory and resource leaks.
play videoSDL Threat Modeling Tool
Video
Watch this short video to learn more about the SDL Threat Modeling tool. The SDL Threat Modeling Tool is one of many free tools made available as part of the SDL Toolset. The SDL Threat Modeling Tool is the first threat modeling tool which isn’t designed for security experts. It makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models.
play videoSiteLock ATL (Active Library Template)
Video
Watch this short video to learn more about the SiteLock ATL (Active Library Template). SiteLock ATL is one of the many free templates and tools that are available as part of the Microsoft SDL Toolset. The SiteLock ATL template enables an ActiveX developer to restrict access so that a control is only deemed safe when used in a predetermined list of domains. This limits the ability of Web page authors to reuse the control for malicious purposes.
play videoSDL Process Template
Video
Watch this short video to learn more about the SDL Process Template. The SDL Process Template is one of many free templates and tools available in the Microsoft SDL Toolset. The SDL Process teamplate is a downloadable template that leverages the technology of Visual Studio Team System (VSTS) and Team Foundation Server (TFS) to automatically integrate the policy, process and tools associated with the Security Development Lifecycle version into your software development environment.
play videoBinScope Binary Analyzer
Video
Watch this short video to learn more about the BinScope Binary Analyzer tool. BinScope is one of the many free tools available as part of the Microsoft SDL Toolset. BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, up-to-date build tools are in place, and the latest good ATL headers are being used. BinScope also reports on dangerous constructs that are prohibited by SDL.
play videoCAT.NET
Video
Watch this short video on CAT.NET. CAT.NET tool is one of the many free tools that are available as part of the Microsoft SDL Toolset. It’s available in both 32-bit and 64-bit versions. CAT.NET is a command line tool that helps you identify security flaws within a managed code (C#, Visual Basic .NET, J#) application you are developing. It does so by scanning the binary and/or assembly of the application, and tracing the data flow among its statements, methods, and assemblies. CAT.NET also helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection, and XPath Injection.
play videoSDL Regex Fuzzer
Video
Watch this short video to learn more about SDL Regex Fuzzer. SDL Regex Fuzzer is one of the many free tools in the Microsoft SDL Toolset. Regex Fuzzer can help test regular expressions for these potential vulnerabilities. Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition.
play videoSDL Tools Overview
Video
Watch this short video on the Microsoft SDL Toolset overview. Doug Cavit, from the Microsoft SDL engineering team, explains why IT executives and managers should encourage their development teams to download the SDL Implementation guidance and SDL tools to see how they can implement a software security assurance process such as the Microsoft SDL. The Microsoft SDL toolset is meant to work together to help a company implement all the phases of the Microsoft SDL from requirements to software release. The Microsoft SDL toolset and process guidance are both FREE to download by our customers from the Microsoft SDL website. All the tools in the Microsoft SDL toolset are meant to work together, so that companies can write secure software easier.
play videoMiniFuzz File Fuzzer
Video
Watch this short video on MiniFuzz File Fuzzer. MiniFuzz is one of the many free tools that are available as part of the Microsoft SDL Toolset. MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected and potentially insecure application behaviors.
play videoBanned.h Header File
Video
Watch this short video to learn more about the Banned.h header file. Banned.h header file is one of the many free resources in the Microsoft SDL Toolset. The banned.h header file is a sanitizing resource, which supports the Microsoft SDL requirement to remove banned functions from code. It lists all banned APIs and allows any developer to locate them in code.
play videoTools
Microsoft’s Attack Surface Analyzer sheds light on software vulnerabilities
Tools
New tool helps developers identify potential weak points in products, lets admins quantify a program’s affect on PC security.
By Woody Leonhard, Information Week
January 20, 2011
www.informationweek.comMicrosoft Offers Another SDL Tool
Tools
Attack Surface Analyzer now in beta, and Microsoft adds new SDL consulting service
By Kelly Jackson Higgins, Dark Reading
January 19, 2011
www.darkreading.comTool to track security-sensitive changes to Windows
Tools
Microsoft has announced the free Attack Surface Analyzer tool, designed to highlight any changes to a Windows system that are introduced when installing a program.
The H Security
January 19, 2011
www.h-online.comMicrosoft introduces Attack Surface Analyser
Tools
The Attack Surface Analyser will help users understand how adding applications could impact the security of Microsoft systems.
By Tom Brewster, IT Pro UK
January 19, 2011
www.itpro.co.ukMicrosoft releases Attack Surface Analyzer for developers
Tools
Microsoft releases Attack Surface Analyzer for developers
By Shaun Nichols, V3.co.uk
January 19, 2011
www.v3.co.ukMicrosoft Releases Vulnerability Analysis Tool
Tools
Attack Surface Analyzer, available as a free beta, assesses operating system weaknesses which emerge after an install or an attack.
By Mathew J. Schwartz, Information Week
January 19, 2011
www.informationweek.comMicrosoft SDL verifier tool available as free download
Tools
Microsoft has released Attack Surface Analyzer beta, a tool the company has used internally for five years to help IT departments tackle IT security.
By Cliff Saran, Computer Weekly
January 19, 2011
www.computerweekly.comBlack Hat: Microsoft Donates Security Tools
Tools
Microsoft (NASDAQ: MSFT) quietly announced this week that it has released betas of three updated security testing tools, targeting security professionals and ISVs in an attempt to encourage development of less vulnerable software.
By Stuart J. Johnston, eSecurity Planet
January 19, 2011
www.esecurityplanet.comMicrosoft refreshes secure developer software tools
Tools
Microsoft has released a new software tool to help developers write secure applications by highlighting the system changes created when their wares are installed on Windows machines.
By Dan Goodin, The Register
January 19, 2011
www.theregister.co.ukFree SDL Threat Modeling Tool 3.1.6 Beta Released
Tools
Microsoft is offering developers the chance to test drive the next iteration of its SDL Threat Modeling Tool. The Beta development milestone of SDL Threat Modeling Tool 3.1.6 has been introduced at Blackhat DC, and the bits are available via the Microsoft Download Center.
By Marius Oiaga, Softpedia
January 18, 2011
news.softpedia.comBinScope Binary Analyzer Now with Visual Studio 2010 Support
Tools
Developers that have embraced the Security Development Lifecycle principles from Microsoft for their software also have a tool designed to evaluate projects. BinScope Binary Analyzer is capable of assessing third-party software and report whether it meets SDL requirements or not.
By Marius Oiaga, Softpedia
January 18, 2011
news.softpedia.comMicrosoft releases Attack Surface Analyzer to developers
Tools
Microsoft has issued a new tool that helps developers analyze whether newly developed applications will change the way cybercriminals can target vulnerabilities and gain access to Windows.
By Robert Westervelt, SearchSecurity.com
January 18, 2011
searchsecurity.techtarget.comMicrosoft releases free secure development tool
Tools
Microsoft on Monday announced the free availability of a new software verification tool designed for coders, as well as IT professionals. Announced at this week’s Black Hat conference in Washington, D.C., the tool, called Attack Surface Analyzer, helps determine when poorly designed applications widen the attack surface of a Windows system.
By Dan Kaplan, SC Magazine
January 18, 2011
www.scmagazineus.comMicrosoft adds to security tools for developers
Tools
Attack Surface Analyzer security development lifecycle verification tool offered along with consulting services for secure development.
By Paul Krill, InfoWorld
January 18, 2011
www.infoworld.comEvents
Microsoft security chief stumps for Internet health check system
Events
“Most of the [security] models we have today are reactive. While we’re going to continue to look for badness, can’t we also enforce goodness?” Scott Charney, Microsoft Corporate Vice President for Trustworthy Computing
Eric B. Parizo, SearchSecurity.com
February 15, 2011
searchsecurity.techtarget.comRSA: Microsoft Promotes Internet Health Model
Events
Microsoft proposes a “global Internet health model” to help deal with the convergence of mobile devices and the cloud.
By Stuary J. Johnston, Datamation
February 15, 2011
itmanagement.earthweb.comMicrosoft has a change of heart on how to keep Internet safe
Events
“Last year at RSA I said, 'You know we need to think about ISPs being the CIO for the public sector, and we need to think about them scanning consumer machines and making sure they’re clean and maybe quarantining them from the Internet. But in the course of the last year as I thought a lot more about this I realized that there are many flaws with that model.” Scott Charney, Microsoft Corporate Vice President for Trustworthy Computing
By Robert McMillan, Computer World
February 15, 2011
www.computerworld.comFight computer viruses like epidemics: Microsoft
Events
Microsoft on Tuesday advocated fighting pernicious computer viruses with public health tactics used to stop the spread of SARS, H1N1 and other dangerous real world bugs.
By AFP
February 15, 2011
www.google.comAre the Internet’s ‘Wild West’ days near an end?
Events
Ensuring trust in an increasingly complex and networked world could require collective defenses with some type of centralized authority, executives from RSA and Microsoft said Tuesday at the opening of the RSA Security Conference.
By William Jackson, Government Computer News
February 15, 2011
gcn.comRSA 2011: Sectors must collaborate to adopt global internet health model, says Microsoft’s Charney
Events
Today at RSA Conference 2011, Scott Charney, corporate vice president of Microsoft Trustworthy Computing, urged public and private sectors to adopt a proposal for a global internet health model.
InfoSecurity.com
February 15, 2011
www.infosecurity-magazine.comMicrosoft continues push for infected computers to be quarantined
Events
Microsoft’s Scott Charney is pushing ahead with a proposal for a public health model to curb the damage from botnets of malware-laden computers around the world.
By Ryan Naraine, ZDNet.com
February 15, 2011
www.zdnet.comMicrosoft looks to healthcare for tech security
Events
Microsoft wants to make tomorrow’s tech-security world work a lot like tomorrow’s health care industry. While the comparison has long been made in the security industry, with threats like “viruses,” Scott Charney, corporate vice president in Microsoft’s Trustworthy Computing group, noted that the response to those problems has fallen short in areas where health care has proved more agile.
By Josh Lowensohn, CNET News
February 15, 2011
news.cnet.comCyber-Security Czar Defends Government Role
Events
Howard Schmidt, the White House cybersecurity coordinator, defended a new federal program that would allow individual Internet users to authenticate their online identities during a panel discussion held on the eve of the RSA security technology conference in San Francisco.
By Michael Hickins, The Wall Street Journal
February 15, 2011
blogs.wsj.comRSA: Microsoft Revises Computer Quarantine Proposal
Events
At the RSA conference in San Francisco, Calif., on Tuesday Scott Charney, Microsoft’s corporate vice president for trustworthy computing, revised his controversial call to apply the public health model to cybersecurity.
By Thomas Claburn, InformationWeek
February 15, 2011
www.informationweek.comQ&A: The latest from Microsoft security guru Scott Charney
Events
Cybersecurity veteran Scott Charney spends a lot of time thinking about the future of the Internet as the corporate vice president in charge of Microsoft’s Trustworthy Computing initiative. And lately his big ideas have been stirring up a lot of attention.
By Todd Bishop, Tech Flash
February 19, 2011
www.techflash.comMicrosoft: ‘Public health’ Web-security model needs ‘health certificates’
Events
Continuing its idea that the Internet needs a “public health” model ensure online security, Microsoft is pushing for “health certificates” that would signify whether a computer is infected with a virus or other malware.
By Nick Eaton, SeattlePI.com
February 15, 2011
blog.seattlepi.comRSA: Microsoft refines plans to quarantine infected PCs
Events
Microsoft’s corporate vice president for trustworthy computing has been expanding on the company’s plan to quarantine infected PCs from full internet access.
By Iain Thomson, V3.co.uk
February 16, 2011
www.v3.co.ukRSA: Fake AV Companies Making More Money than Security Vendors
Events
Having spoken on the ‘Public, meet private: Lessons learned in chasing cyber crooks’ panel at the RSA 2011 conference in San Francisco, Pedro Bustamante, senior research analyst at Panda Security, tells Infosecurity’s Eleanor Dallaway why geography is obstructing cyber legal justice.
InfoSecurity.com
February 16, 2011
www.infosecurity-us.comAchieve online safety through collective defence, says Microsoft
Events
Internet users are facing increasingly complex threats they can’t defend themselves against, according to Microsoft. Anti-malware software can only go so far, but will not protect against more advanced threats, said Jeff Jones, director of Microsoft’s Trustworthy Computing.
By Warwick Ashford, ComputerWeekly.com
February 16, 2011
www.computerweekly.comRSA Conference: Advanced Persistent Threats Require New Security Focus
Events
RSA CTO Bret Hartman discusses the concept of advanced persistent threats with eWEEK, as well as the concept of the next-generation security operations center.
By Brian Prince, eWeek
February 16, 2011
www.eweek.comRSA: Working Together Works
Events
Working together is critical to managing cybersecurity risk successfully, but not everyone is on the same page when it comes to how to collaborate effectively, particularly when partnerships stretch across the divide between the public and private sector.
By Thomas Claburn, InformationWeek
February 16, 2011
www.informationweek.comMicrosoft Exec Talks Up Healthcare For User Machines
Events
Collective defense’ approach could use certificates of machine health, but some experts say it won’t solve the problem.
By Kelly Jackson Higgins, Dark Reading
February 16, 2011
www.darkreading.comThe world of cyber threats
Events
The boss of the world’s biggest security company said the Stuxnet virus that targeted Iranian industrial facilities last year came as no big surprise. But Enrique Salem of Symantec admitted the ability of the worm was “unprecedented”.
By Maggie Shiels, BBC News
February 16, 2011
www.bbc.co.ukRSA: Microsoft refines plans to quarantine infected PCs
Events
Microsoft’s corporate vice president for trustworthy computing has been expanding on the company’s plan to quarantine infected PCs from full internet access.
By Iain Thomson, V3.co.uk
February 16, 2011
www.v3.co.ukRSA 2011: Microsoft details refined ‘public health’ model for internet security
Events
Many organisations are stuck in a state of paralysis because they fail to understand the nature of cyber threats, says Scott Charney, corporate vice-president of Microsoft’s Trustworthy Computing Group.
Warwick Ashford, ComputerWeekly.com
February 16, 2011
www.computerweekly.comMicrosoft Calls for Safer and Healthier Internet
Events
At a keynote speech delivered at the RSA Security Conference, Scott Charney--Microsoft corporate vice president for Trustworthy Computing--reiterated a vision for the future of Internet security. Charney painted a picture of a collaborative approach to Internet and PC security modeled after the processes used to respond to global health epidemics.
By Tony Bradley, PCWorld
February 16, 2011
www.pcworld.comMicrosoft security boss proposes websites block unhealthy PCs
Events
Following controversy surrounding his proposal for a global ISP-led quarantine of infected PCs last year, Microsoft security chief Scott Charney told the cyber security community today he has adjusted his recommendations.
By Lia Timson, IT Wire
February 16, 2011
www.itwire.comRSA: Defining Cyberwar And Rallying Defenders
Events
We may not know exactly what cyberwar means but we know we have to work together to prepare our defenses.
By Thomas Claburn, InformationWeek
February 18, 2011
www.informationweek.comReflections on RSA 2011
Events
Microsoft remains the clear leader in secure development practices.
By David Lacey, ComputerWeekly.com
February 21, 2011
www.computerweekly.comCyberwar: we’re in it together
Events
Scott Charney, head of Microsoft’s Trustworthy Computing initiative, has suggested treating internet security like a public health issue — including the controversial idea of quarantining computers that don’t pass basic health checks.
By Stilgherrian, ZDNet.com.au
February 21, 2011
www.zdnet.com.auRSA 2011: Identity paramount to securing cyberspace, says Microsoft
Events
Identity is the most important element in securing cyberspace, says Ariel Gordon, principal group program manager at the identity and security division of Microsoft.
By Warwick Ashford, ComputerWeekly.com
February 22, 2011
www.computerweekly.com10 building blocks for securing the Internet today
Events
With the right leadership, we could apply an array of today’s protocols, specs, and technologies to make the Internet safer for everyone.
By Roger A. Grimes, InfoWorld
February 22, 2011
www.infoworld.comScott Charney: Microsoft security policy and collective defense
Events
In this video, Scott Charney, Microsoft VP for Trustworthy Computing, discusses collective defense, the Microsoft security policy proposition for securing consumer computers on the Internet.
SearchSecurity.com
February 22, 2011
searchsecurity.techtarget.comQ&A: The state of the Microsoft Trustworthy Computing initiative in 2011
Events
In this exclusive video interview from RSA Conference 2011, Microsoft Corporate Vice President of Trustworthy Computing Scott Charney discuss the state of Microsoft’s Trustworthy Computing initiative in 2011.
SearchSecurity.com
February 23, 2011
searchsecurity.techtarget.comRSA Conference 2011 recap: What we learned
Events
A highlight of a handful of the most interesting takeaways from RSA 2011.
SearchSecurity.com
February 24, 2011
searchsecurity.techtarget.comSDL ROI
Keep costly software bugs at bay with SDL
SDL ROI
Whether your create dozens of small scripts or large-scale apps, a comprehensive software development lifecycle strategy today means far better security tomorrow.
By Roger A. Grimes, InfoWorld
April 12, 2011
www.infoworld.comMicrosoft alerts business to cost benefits of secure software
SDL ROI
The software industry can do a lot better to improve the security of applications, says Microsoft.
By Warwick Ashford, ComputerWeekly.com
April 5, 2011
www.computerweekly.comThe SDL Progress Report
SDL ROI
Learn about the evolution of the Microsoft Security Development Lifecycle (SDL) and the progress Microsoft has made in using the SDL and security science to reduce vulnerabilities and mitigate threats to Microsoft software and services.
www.microsoft.com/downloadMidAmerican: The SDL Chronicles
SDL ROI
MidAmerican Energy Holdings Company uses Microsoft SDL to make its software more secure.
www.microsoft.com/downloadAberdeen - Security and the Software Development Lifecycle: Secure at the Source
SDL ROI
Aberdeen Group, an IT sector analyst firm, demonstrates how securing software early in the application development cycle increases security and most importantly drives down the severity and cost of vulnerability incidents.
www.microsoft.com/downloadState of Application Security – A Forrester Consulting Thought Leadership Paper Commissioned by Microsoft
SDL ROI
Microsoft commissioned Forrester Consulting to conduct a survey study of 150 North American software development influencers. The study aims to understand the current state of application security development practices and identify key trends and market directions.
www.microsoft.com/downloadSDL Progress Report
Comment: Building Secure Software From the Inside Out
SDl Progress Report
Microsoft’s Steve Lipner culls together nearly 40 years of experience in software development to explain what developers can do to help keep data safe and improve the security of their applications. Steve Lipner, Microsoft Senior Director, US Security Engineer & Communications
By Steve Lipner, Microsoft
April 7, 2011
www.infosecurity-magazine.comSchwartz On Security: Secure Coding Or Bust
SDl Progress Report
Companies must embrace secure development techniques to stem the surge of attacks targeting Web application vulnerabilities.
By Mathew J. Schwartz, InformationWeek
April 07, 2011
www.informationweek.comGrowing threats to applications highlight need for secure development, says Microsoft
SDl Progress Report
Security threats to applications have outstripped threats to operating systems and browsers over the last few years, noted Steve Lipner, Microsoft’s senior director of security engineering.
InfoSecurity.com
April 1, 2011
www.infosecurity-magazine.comFrom SDL 2.0 to SDL 5.1, Evolution of Security Development Lifecycle Whitepaper Released
SDl Progress Report
The Microsoft SDL combines a holistic and practical approach to reducing the number and severity of vulnerabilities in Microsoft products and services.
By Marius Oiaga, Softpedia.com
March 31, 2011
news.softpedia.comMicrosoft Cites Progress in SDL Report, Advocates More Adoption of ASLR, DEP
SDl Progress Report
This week, Microsoft released its first major report on the progress and changes in the Security Development Lifecycle program, detailing not only its progress but also the things that still need to be improved.
By Dennis Fisher, ThreatPost.com
March 31, 2011
threatpost.comMicrosoft publishes report on its Security Development Lifecycle
SDl Progress Report
Microsoft has published a new report that outlines nine years of progress in developing, improving and sharing the Security Development Lifecycle (SDL) process.
By Warwick Ashford, ComputerWeekly.com
March 31, 2011
www.computerweekly.comMicrosoft Releases First Ever Security Development Lifecycle Progress Report
SDl Progress Report
Microsoft released its first ever Security Development Lifecycle (SDL) Progress Report today, outlining nine years of progress developing, improving and adopting the SDL process.
SecurityWeek News
March 30, 2011
www.securityweek.comMicrosoft Touts Security Development Lifecycle (SDL) Program Progress
SDl Progress Report
Microsoft would like to remind administrators and business decision makers that arguably the most vulnerable part of your company may be the applications that you and your end-users rely on to meet your daily business objectives.
By Jeff James, Windows IT Pro
March 30, 2011
www.windowsitpro.comMicrosoft cites software security progress despite sluggish ASLR support
SDl Progress Report
Microsoft’s Security Development Lifecycle (SDL) has come a long way since the early 1990s, when the software giant’s product teams implemented security and privacy protections at their own discretion.
By Robert Westervelt, SearchSecurity.com
March 30, 2011
searchsecurity.techtarget.comMicrosoft urges developers to design threat mitigations into software
SDl Progress Report
Microsoft has called on developers of consumer software to ensure that more of them use the exploit mitigations outlined in the company’s Security Development Lifecycle (SDL) initiative in order to architect more secure products.
By Phil Muncaster, V3
March 30, 2011
www.v3.co.ukCloud
Microsoft’s Scott Charney on cloud computing and privacy
Cloud
In this exclusive video from RSA Conference 2011, Microsoft Corporate Vice President of Trustworthy Computing Scott Charney discusses cloud computing and privacy, including what his mom taught him about cloud computing.
SearchSecurity.com
February 22, 2011
searchcloudsecurity.techtarget.comClient and Cloud Security | TechNet Edge
Cloud
Steve Lipner, Senior Director of Security Engineering Strategy for Microsoft’s Trustworthy Computing group talks about client and cloud secuirty.
play videoSecurity Development Lifecycle for Agile | TechNet Edge
Cloud
The Security Development Lifecycle for Agile (SDL-Agile) process defines a set of activities that development teams can follow to reduce security vulnerabilities.
play videoMicrosoft SDL Design Phase: Security Practices
Cloud
Joe Basirico, Director of Security Services, Security Innovation, explains how designing secure systems sometimes requires thinking “backwards” - instead of focusing on features of what the system should do, one should think of what the system should NOT do.
play videoApplying Microsoft SDL Design Practices within Windows Azure
Cloud
Joe Basirico, Director of Security Services, speaks about mapping concepts from the “Design” phase of the Microsoft SDL to software targeting Windows Azure platform.
play videoMicrosoft SDL Requirements Phase: Security Practices
Cloud
Chris Weber, Managing Partner, and Robert Mooney, Senior Software Development, Casaba, speak about the security practices of the “Requirements” phase of the Microsoft SDL.
play videoApplying Microsoft SDL Requirements Practices within Windows Azure
Cloud
In this video, Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about applying Microsoft SDL Requirements security practices to applications built on top of Windows Azure, focusing on the “Requirements” phase.
play videoMicrosoft SDL Implementation Phase: Security Practices
Cloud
Peter Oehlert, Senior Security Consultant, iSEC Partners, discusses the implementation security practices of the “Implementation” phase of the Microsoft SDL and explains the benefits of the ease and repeatability the Microsoft SDL process brings to creation of secure code.
play videoApplying Microsoft SDL Implementation Practices within Windows Azure
Cloud
Peter Oehlert, Senior Security Consultant, iSEC Partners, explains how the Implementation phase of the Microsoft SDL applies to building Windows Azure application.
play videoMicrosoft SDL Verification Phase: Security Practices
Cloud
In this video, Aviram Jenik, CEO, Beyond Security, talks about processes that help build secure systems, focusing on the Verification phase of the Microsoft Security Development Lifecycle.
play videoApplying Microsoft SDL Verification Practices within Windows Azure
Cloud
Aviram Jenik, CEO, Beyond Security, talks about applying Microsoft SDL to applications built on top of Windows Azure applications, focusing on the Verification phase of the Microsoft Security Development Lifecycle.
play videoMicrosoft SDL Release Phase: Security Practices
Cloud
In this video, Jason Glassberg, Co-Founder, Casaba, discusses the three security practices of the Microsoft SDL Release phase.
play videoApplying Microsoft SDL Release Practices within Windows Azure
Cloud
Jason Glassberg, Co-Founder, Casaba, speaks about the Release phase of the Microsoft SDL and how to apply these practices to applications built on top of Windows Azure.
play videoSDL Process Guidance
Simplified Implementation of the Microsoft SDL
SDL Process Guidance
This document illustrates the core concepts of the Microsoft Security Development Lifecycle (SDL) and discusses the individual security activities that should be performed in order to follow the SDL process.
www.microsoft.com/downloadSimplified Implementation of the Microsoft SDL
SDL Process Guidance
This video helps to illustrate the core concepts of the Microsoft Security Development Lifecycle (SDL) and discusses the individual security activities that should be performed in order to claim compliance with the SDL process.
play video
|
|
 © 2012 Microsoft |
