Well, it looks like Microsoft has been busy on the security front this month. Not only did they release their security essentials this week but also some interesting testing tools, too. Microsoft Essentials Essentials is the Microsoft answer to real-time Home PC protection. It guards against viruses, spyware and other malicious software. It is now available for download from Microsoft. MiniFuzz File Fuzzer MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security ......
Emergency patches issued for IE and Visual Studio Microsoft on Tuesday issued two out-of-band security patches -- one for the development tools suite Visual Studio and another for Internet Explorer. Read the full article here: Emergency patches issued for IE and Visual Studio ......
If you have not heard there is an updated MS SDL Starter Kit available for download. This kit provides a compilation of baseline developer security training materials on core Microsoft Security Development Lifecycle (SDL) topics. The core Microsoft Security Development Lifecycle (SDL) topics include: Secure design principles Secure implementation principles Secure verification principles SQL injection Cross-site scripting Code analysis Banned application programming interfaces (APIs) Buffer overflows ......
Using the SDL? if not, you should be considering it… Having blurred the line between development and Test Engineering at our organization, I am finding out how little our development team(s) knows about secure development practices. Not a good thing. Recently, Microsoft released the SDL process template for VSTS and I think it’s going to help. So, if you have not seen this it is a nice start at helping ensure secure development practices are used by your team. Hmmm, amazing what a little process, ......