Skip to content

Microsoft Secure

Vuln Hunt: Find the Security Vulnerability Challenge #2

Ex-Netscape engineer Jamie Zawinski has a great quote about regular expressions. He said: “Some people, when confronted with a problem, think ‘I know, I’ll use regular expressions.’ Now they have two problems.” That’s certainly true for this week’s Security Vuln Hunt. Two points are possible, plus an extra bonus point.  The question: The programmer here...

Read more

Casaba Releases Watcher 1.3.0 with Added SDL Integration

Hi everyone, Bryan here. We’ve written here before about Casaba Security’s Watcher tool and how it can help you verify compliance with several of the SDL web application security requirements, such as: ·         User controlled open redirects ·         Insecure domain references in Silverlight client access policy files ·         Use of the Javascript eval method ·        ...

Read more

SDL at TechEd Europe and Platforma

Hi everyone, Bryan here. I’m going to be presenting two sessions on the SDL next week, one for TechEd Europe and one for the Microsoft Platforma event in Moscow. If you’re attending either of these conferences, stop by and introduce yourself, or better yet stay for the session!   TechEd Europe:   SIA-205: SDL-Agile: Microsoft’s...

Read more

SIR Volume 7 Released

Hi everyone, Bryan here. Earlier this week, Microsoft released the latest volume of the Security Intelligence Report (SIR), which covers the first half of 2009. There are many interesting statistics in this report, but there’s one that I’d like to draw particular attention to: the number of industry-wide reported vulnerabilities as broken down by OS...

Read more

Cross-Domain Security

Hi everyone, Bryan here. Peleus Uhley, Senior Security Researcher at Adobe, has written a guest post for the BlueHat blog on potential security issues with cross-domain access permissions for web sites. I’d like to encourage you to read Peleus’ post and also to expand on it a little to talk about the SDL requirements around...

Read more

MSDN Security Issue Articles

Bryan here. The SDL team is well represented in the annual security issue of MSDN magazine – we have three articles that might be interesting to you, given that you read the SDL Blog! First up is a code review quiz, “Test Your Security IQ”. Put your C/C++/C# security skills to the challenge by reviewing...

Read more