Security Intelligence Report Vol 9 available

The latest SIR is available now from Microsoft. You can find it here: http://www.microsoft.com/security/sir/default.aspx Industry-wide vulnerabilities continue their downward trend. However, High Complexity vulnerabilities rose a bit ( http://www.microsoft.com/security/sir/keyfindings/default.aspx#section_4_1_3 ). Is this a good thing? Maybe. Low and medium vulnerabilities continued downward; this means that common, easy-to-attack vulnerabilities such as XSS and…


Follow-up from previous SQL Injection post.

So first off, thank you to Jim Manico for his comment on my previous post, which led me to create this post. I will include quotes from Jim’s comment for reference here. JM: “I think you are terribly wrong, and it's important we clear this up.” No worries, I appreciate your candour. Everyone is entitled…


“there is no bigger attack vector than with a parameterized sp” NOT!!

I recently posted an article on our ACE Team blog (you can read it here if you are interested). There were a few comments about the use of Dynamic SQL that made me realise that not everyone “gets it” yet. Here are the comments that started the discussion: Alastair Upton said: Shouldn’t Rule #4 read…


Rules to stop bad guys

I just posted an article to our team blog about simple development rules to stop the bad guys. Head over and have a read. You can find the post on the ACE Team blog. I know it’s a repost, but sometimes it beats re-writing. 😉
