Risk Management

My first article on the topic of security testing and risk management is now published in the March 2009 issue of Testing Experience magazine, pages 28-30. http://www.testingexperience.com/subscribe.php (free online subscription takes you to PDF download)


Office Security Team

The Office security team typically targets memory-corruption bugs in the software like buffer overruns, integer overruns, and format strings… http://www.darkreading.com/document.asp?doc_id=159305


Security & Perf Videos

J.D. Meier has posted a decent index of videos covering performance testing, ASP.NET 2.0, and VSTS: http://blogs.msdn.com/jmeier/archive/2007/11/22/videos-security-performance-testing-and-visual-studio-team-system.aspx  


Patterns & Practices Security Videos

“Click Here” http://blogs.msdn.com/jmeier/archive/2007/03/24/patterns-practices-security-videos.aspx  


CERT Secure Coding Standards

“This web site exists to support the development of secure coding standards for commonly used programming languages such as C and C++.” https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards


MSRC Stories

This article has an interesting peek into life at the Microsoft Security Response Center: http://redmondmag.com/features/article.asp?EditorialsID=616 “I’m at the shop and over the radio I hear: ‘The Internet was taken down today by a worm affecting SQL Server,'” recalls Toulouse. “That was the first I heard of it.” A few moments later, Toulouse was racing toward…


port 25 is open on port 80

Here’s an interesting blog to watch, courtesy of the Open Source Software Lab @ Microsoft: http://port25.technet.com/ (for RSS: http://port25.technet.com/rss.aspx)


bluehat links

Some good links if you want to check out some of the speakers and topics addressed at the last Microsoft bluehat conference: http://blogs.technet.com/bluehat/archive/2006/03/21/422707.aspx 


running with least privilege

“In the ongoing battle to fight internal and external threats on the corporate desktop, IT staffers may be forgetting one very potent weapon in their arsenal—system lockdown.”  http://www.thechannelinsider.com/print_article2/0,1217,a=166172,00.asp If you care about this type of thing, Aaron Margosis’s blog is the place to go: http://blogs.msdn.com/Aaron_Margosis/ 
