Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: New Security Tools for IIS and SQL

    In case you didn't see it, the Microsoft Security Response Center (MSRC) team just announced the release of three tools to help customers fend off SQL injection attacks: UrlScan 3.0 Beta (see Wade Hilmo's blog for more), a security tool that restricts the types of HTTP requests that Internet Information...
  • Blog Post: SDL Awareness and Adoption High Among Security Professionals

    UPDATE - Hear what others are saying about this survey: (Dark Reading) Survey Says: More Than Half of Software Companies Deploying Secure Coding Methods (NetworkWorld) Code Writers Finally Get Security? Maybe (Help Net Security) Root issues causing software vulnerabilities Errata Security has released...
  • Blog Post: Threat Modeling from the Front Lines

    During my first 7 years at Microsoft, I spent most of my time working on security features such as access control, authentication, cryptography and so on. The next 12 years were spent in product groups and the Security Development Lifecycle (SDL) team working on software design, development and testing...
  • Blog Post: Visit the New SDL (Security Development Lifecycle) Web Site

    I wanted to mention to folks that a new Security Development Lifecycle (SDL) web site went up earlier this month on microsoft.com. Amazingly, you can navigate to it via http://www.microsoft.com/sdl, instead of some long name you'd never remember. Of course, once you navigate to that URL, you get redirected...