Microsoft Secure

Applying SDL Principles to Legacy Code

Hello, this is Scott Stender from iSEC Partners, one of the SDL Pro Network partners. As security consultants, we at iSEC work with a variety of companies to drive security throughout their development cycle. Clients with mature security processes ask that we help carry out parts of their process, from requirements analysis to penetration testing. ...

MS08-067 and the SDL

Hi, Michael here. No doubt you are aware of the out-of-band security bulletin issued by the Microsoft Security Response Center today, and like all security vulnerabilities, this is a vulnerability we can learn from and, if necessary, can use to shape future versions of the Security Development Lifecycle (SDL). Before I get into some of...

Good hygiene and Banned APIs

Jeremy Dallman here with a quick note about a code sanitizing tool we are making available to support one of the SDL requirements – Remove all Banned APIs from your code. This requirement was put in place to prevent use of certain older C runtime functions that lead to buffer overrun flaws and have been deprecated....

Microsoft partners get a head start to help protect you

The Microsoft Security Response Center (MSRC) recently introduced the Microsoft Active Protections Program (MAPP) to help get security information out faster. Before this program, security software providers had to wait until the public release of security updates before building protections. Now, members of MAPP can receive security vulnerability information from the MSRC in advance of regularly...

Experiences Threat Modeling At Microsoft

Adam Shostack here. Last weekend, I was at a Security Modeling Workshop, where I presented a paper on “Experiences Threat Modeling at Microsoft,” which readers of this blog might enjoy. So please, enjoy! And while I’m at it, I wanted to draw attention to some of the other presentations that I thought were very interesting,...

Mitigating Exploitation Techniques

Hi, Matt Miller from Microsoft’s Security Science team here to talk about exploitation & mitigation. Over the past decade exploitation techniques have been developed and refined to the point that very little expertise has been needed to successfully exploit software vulnerabilities. These refinements have lowered the bar for attackers and drastically increased the probability...
