Microsoft Trustworthy Developer Content Strategy

Technorati Tags: developer content strategy,privacy,security I was at my Vice President’s (Scott Charney) all hands meeting last month. Scott was talking about the need to discuss online safety and Green IT to IT Pros and developers. I was taking some notes and Maslow’s Hierarchy of Needs pyramid came to mind. I thought of what Scott…


Study: Top Web Application Vulnerabilities Remain Unfixed

Application Development trends published a study from Cenzic, that shows that 70% of web applications analyzed where susceptible to cross site scripting  exploitations with 20% of the web applications studied were vulnerable to SQL injection type attacks. Microsoft provides developers with tons of guidance on how to better secure your web applications.  Don’t let your…

OWASP Top 10 2007

Most developers who use Microsoft developer tools and technologies will tell you that if you’re looking for developer resources, just go to msdn online. Well not everyone uses Microsoft developer tools and technologies. This is where the Open Web Application Security Project (OWASP) comes in. When folks are looking for application software security guidance, they’ll…


Joe Stagner’s Security Blog –

Everyone who is interested in learning about security needs to stay focused on this blog when it launches. This is Joe’s new security blog that he’s going to manage from Scott Guthrie’s team. It’s going to be good. This is sort of like getting the advanced warning that Jackson is going to start filming the Lord…

Digital Black Belt Series

This is an older on demand webcast series, but I’m considering resurrecting this next year.   Digital Blackbelt Series


Microsoft Security Development Lifecycle (SDL) download now available

As part of its commitment to a more secure and trustworthy computing ecosystem, Microsoft is making the details of the SDL process generally available online for the first time. IT policy makers and software development organizations can leverage this 78 page document to enhance and inform their own software security and privacy assurance programs. Microsoft…

Developer Security Content Framework

I’m trying to develop a framework for security related content, and one of the issues I’m trying to address is how folks go about searching for security content. Yes, I know you pull up your browser, and do a Google search on SDL, threat modeling, STRIPE, digest authentication, Kerberos authentication, etc. But what do you…

Writing Secure Code on msdn online

Writing Secure Code "One of the key things that developers can do to help secure their systems is to write code that can withstand attack and use security features properly. This page contains links to best practices and how-to articles on writing secure code."


How To: Protect From SQL Injection in ASP.NET

Looks like SQL Injections attacks are taking place. Check out the article at Computerworld. If you’re not sure on how to protect your site from these attacks, please take a look at our article, "How To: Protect From SQL Injection in ASP.NET", on msdn online.


Michael Howard – Required Reading

Technorati Tags: Writing Secure Code If you’re looking to better understand writing secure code, Michael Howard’s blog and his books are required reading. Yes, he wrote the book on Writing Secure Code. Really. Michael Howard’s Blog George