This Blog URL Has Changed – Please Update Your Readers

Things have been quiet on the blog for a while. There is a LOT of code being cranked out at the moment as we work towards some deadlines in the summer on various projects. Our team name has also changed from the Connected Information Security Group (CISG) to the Microsoft IT Information Security Tools Team. This…


ASP.NET Data Binding and AntiXss Encoding

Hi RV here again… Last time I looked at ASP.NET controls and a few common scenarios where you need to use encoding. A couple of weeks back we looked at a sample data binding scenario. This time let’s exclusively look at various ASP.NET data binding techniques and how to use AntiXss to encode the output. Scenario #1:…


There’s a LOT More to Building Security Software than Software Security

Mark Curphey here….. I often get asked exactly what I do for a living at Microsoft. Many people associate my name with OWASP, my personal blog and software security in general. When I say I am a PUM (Product Unit Manager) and run a team that builds security tools most people understandably assume that we…

Trip Report : Day Two of Gartner BPM Conference

Hi Marius here again with highlights from day 2 of the Gartner BPM conference. Back of the Napkin You may have heard of the book called The Back of the Napkin: Solving Problems and Selling Ideas with Pictures. It’s one of the latest books creating a buzz in the business community. Dan Roam, the author of…


Trip Report : Day One of Gartner BPM Conference

Marius Grigoriu here…. I am a Program manager with CISG and in keeping with good program management it’s straight down to business. Today was the first official day of the Gartner BPM Conference at Washington DC and I am posting daily trip reports. In the Connected Information Security Group we believe that BPM or Business…



Hi Birm here….. My name is Ricardo Birmele, but people around here call me “Birm.” I am lucky enough to be the user experience (UX) guy on the CISG team. Like many of us working at Microsoft, I’m an immigrant; in my case flying into the United States from Brasil when I was a kid….

UTF-8 Encoding

Hello there! My name is Andreas Fuchsberger, I am a developer in the CISG team based in Germany. I joined CISG after a short stint with Assessment, Consulting and Engineering (ACE) Team part of the InfoSec in Microsoft IT. I am relatively new to Microsoft having joined only 6 months ago coming from academia…

What Does ANTI-XSS Offer for HTML Sanitization?

Hi Vineet here….. My name is Vineet Batta and in keeping with the other introductions here are a few words about myself. I have an engineering degree in Electronics & Communication and have spent quite a lot of time doing security reviews in the application space. Before joining Microsoft as an FTE I worked as…


What is the Microsoft Anti-XSS Library?

RV here….. My full name is Anil Kumar Venkata Revuru but people call me RV around here. I am a Senior Software Development Engineer (SDE in MSFT speak) for CISG where I am responsible for architecting security tools. In my past life at Microsoft I conducted security design reviews, threat modeling, application and source-code assessments….


Welcome to the CISG Blog

Mark Curphey here…… I am the Product Unit Manager (or "PUM" in MSFT speak) for the Connected Information Security Group or CISG. Welcome to our new team blog. We are a software development team of about 35 developers, program managers and testers that supports Microsoft’s corporate information security program; itself part of Microsoft IT and…