Checklists and Mnemonics

Dennis Groves here…. The most common list is the to-do list, and it is the one we are all most familiar with, and so the real value of a checklist is often very misunderstood. Aviation and medicine make heavy use of them. Computer programs are basically a sequential list of operations for the computer…


Doing What You Want, Not What You Have To!

Birm here….. As I go about my daily routine, I talk a lot with people directly involved in software design and development. It’s become clear that based on their training and experience, each person has a different take on what constitutes “user experience.” And while they have an idea of usability, they’re not well schooled…


How To: Detect Cross Site Scripting Vulnerabilities using XSSDetect

RV again… Last time we saw how to fix a cross site scripting (XSS) vulnerability. This time we look at how we can detect cross site scripting vulnerabilities using automated tools. Since XSS is the most common vulnerability found in web applications, it is very important to detect and mitigate XSS vulnerabilities early in the development cycle. Arming…


Introduction to Dennis Groves

Dennis Groves here….. Hello, my name is Dennis Groves and I am a Program Manager in the CISG (Connected Information Security Group) at Microsoft. Before joining Microsoft I was a Security Consultant with IBM Security and Privacy Services. At IBM my role was IT Security Architect and Consultant, assessing and developing secure solutions…



Hi Birm here….. My name is Ricardo Birmele, but people around here call me “Birm.” I am lucky enough to be the user experience (UX) guy on the CISG team. Like many of us working at Microsoft, I’m an immigrant; in my case flying into the United States from Brasil when I was a kid….

Output Encoding

Hi Anil Chintala here…. I am a Developer on the CISG team working out of the Hyderabad campus in India. I am responsible for building security software for the information security group within Microsoft IT. I have a bachelor's degree in mechanical engineering and I have worked in various roles from development to managing a dev…


UTF-8 Encoding

Hello there! My name is Andreas Fuchsberger, and I am a developer in the CISG team based in Germany. I joined CISG after a short stint with the Assessment, Consulting and Engineering (ACE) Team, part of InfoSec in Microsoft IT. I am relatively new to Microsoft, having joined only 6 months ago coming from academia…

What Does ANTI-XSS Offer for HTML Sanitization?

Hi Vineet here….. My name is Vineet Batta and, in keeping with the other introductions, here are a few words about myself. I have an engineering degree in Electronics & Communication and have spent quite a lot of time doing security reviews in the application space. Before joining Microsoft as an FTE I worked as…


What is the Microsoft Anti-XSS Library?

RV here….. My full name is Anil Kumar Venkata Revuru, but people call me RV around here. I am a Senior Software Development Engineer (SDE in MSFT speak) for CISG, where I am responsible for architecting security tools. In my past life at Microsoft I conducted security design reviews, threat modeling, and application and source-code assessments….


Welcome to the CISG Blog

Mark Curphey here…… I am the Product Unit Manager (or "PUM" in MSFT speak) for the Connected Information Security Group, or CISG. Welcome to our new team blog. We are a software development team of about 35 developers, program managers and testers that supports Microsoft's corporate information security program, itself part of Microsoft IT and…