[Network World] Microsoft juices Visual Studio with secure coding tools

At the Black Hat Conference taking place in Washington, D.C., Microsoft said it will deepen ties between its Visual Studio development tools and the secure applications development processes first developed inside the company and now available to outsiders. Read the full story…

Security Guidance: Security Development Lifecycle (SDL) – Version 4.1a

As part of its commitment to a more secure and trustworthy computing ecosystem, Microsoft releases the SDL process guidance 4.1a. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs. The Microsoft Security Development Lifecycle Process Guidance 4.1a includes SDL for Agile…

[Sydney Herald] Microsoft raises cloud computing concerns

Microsoft released a "white paper" on the issue in conjunction with an International Conference of Data Protection and Privacy in Madrid. "We want to take the initiative in regard to our position on privacy in the cloud," Microsoft senior director of privacy strategy Brendon Lynch said. Read full story…

Security Testing: MiniFuzz File Fuzzer

MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected application behaviors. Because fuzzing is effective at finding bugs, it…

Security Verification: BinScope Binary Analyzer

The BinScope Binary Analyzer is a Microsoft verification tool that analyzes binaries to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, and up-to-date build tools are in place. BinScope also reports on…

[CIO] Five Lessons from Microsoft on Cloud Security

The software titan reviewed its security approach to cloud computing and developed new strategies. Here’s what one Microsoft cloud expert says he’s learned. Discuss risk with customers. The security of cloud services worries many customers, and it should. Pay attention to compliance. Larger enterprise customers want to understand the controls, but how many companies can…

[NSS Labs] Internet Explorer 8 rated tops against malware and phishing attacks

NSS Labs performs recurring, standardized testing of web browser security. This includes rating protection against socially engineered malware and phishing attacks. The results are based upon empirically validated evidence gathered by NSS Labs during continuous 24×7 testing against fresh, live malicious sites. During Q3, 2009 NSS Labs performed the second group test of web browser…

Security Threats: Code Analysis Tool .NET (CAT.NET) Preview

CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. The tool can function as a plug-in for Visual Studio 2005/2008, FxCop custom rule, MSBuild custom task or through the command…

Security Guidance

As part of its commitment to a more secure and trustworthy computing ecosystem, Microsoft releases the SDL process guidance v4.1. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs. Get the guidance… Get the security process template for Visual Studio 2008…
