SDL Team, Author at Microsoft Security Blog

Jan 16, 2012

4 min read

Secure Credential Storage

Pop security quiz: What’s the most secure way to store a secret? a) Encrypt it with a strong symmetric cryptographic algorithm such as AES, using a 256-bit key. b) Encrypt it with a strong asymmetric cryptographic algorithm such as RSA, using a 4096-bit key. c) Encrypt it using a cryptographic system built into your platform, like […]

Best practices

Jul 7, 2010

5 min read

Writing Fuzzable Code

Adam Shostack here. One of the really exciting things about being in the Microsoft Security Engineering Center is all of the amazing collaborators we have around the company. People are always working to make security engineering easier and more effective. When we talk about security testing, we often focus on what it can’t do. “You […]

Sep 26, 2007

7 min read

The Trouble with Threat Modeling

Adam Shostack here. I said recently that I wanted to talk more about what I do. The core of what I do is help Microsoft’s product teams analyze the security of their designs by threat modeling. So I’m very concerned about how well we threat model, and how to help folks I work […]

SDL Team Posts

Writing Fuzzable Code

The Trouble with Threat Modeling

Get started with Microsoft Security