MS Anti-Cross Site Scripting Library 1.5 Available

Many applications today have several common security problems.  SQL Injection, poor authentication and authorization, and Cross Site Scripting (XSS) vulnerabilities.  The faster and more conssitently we can address these problems the better the security of our application is.  Microsoft has released version 1.5 of the Anti-XSS library.  You can download it for free from: …


IT Around the World – Vietnam Part 2

  So for part two of this I’d like to discuss a different aspect of IT in Southeast Asia.  One of the things that defines most IT industries is their financial environment.  This is true both vertically, and horizontally across the industry.  For example, if we look at IT in the manufacturing industry we can…


IT Around The World – Vietnam Part 1

Recently I was invited to participate in a workshop that was put together by the Ministry of Post and Telematics in Vietnam ( page in Vietnamese). MPT is a government organisation that is progressing IT in Vietnam. I was asked to give a short presentation on two topics, Digital Media, and Cyberspace Security. When I was…


ACE Threat Modeling Links

I’ve been asked several times where to get the new ACE Threat Analysis and Modeling tool.  You can find this and more information about ACE Services here:   Have a look.  We’re working on getting V2.1 of the tool released.  It will be posted there when it’s ready.  


Can we get something for nothing?

A lot of the time when I’m presenting or discussing implementing a Secure Development Lifecycle (SDL) with clients the same question pops up.  ‘How much is this going to slow us down?’  Well to be honest, you can’t insert anything into a Software Development Life Cycle (SDLC) without adding some time or resources.  The problem is,…