Microsoft Security Blog

SDL Training 

Hi everyone, Shawn Hernan here. Being a security guy is incredibly rewarding because you get to look at virtually any part of a product, from kernel drivers to web services to user education to sales and servicing. You have to do that because a failure in one of those areas can endanger the security of […]

Published
4 min read

Giving SQL Injection the Respect it Deserves 

You may have read recently about a large number of Web servers that were compromised through a SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromise as many database servers as possible. While the attack was a SQL injection attack that attacked and […]

Published
2 min read

Training People on Threat Modeling 

Adam Shostack here. Blogger Ian Grigg has an interesting response to my threat modeling blog series, and I wanted to respond to it. In particular, Ian says “I then would prefer to see the threat – property matrix this way:” I wanted to share an additional table from our training, and talk about repudiation […]

Published
1 minute read

Is it safe to install ActiveX controls on my computer? 

A lot of you have recently asked us about ActiveX controls. Here’s an example of a message you might have seen: What are ActiveX controls? ActiveX controls are small programs, sometimes also called “add-ons,” used on the Internet. They can make browsing more enjoyable by allowing animation or they can help with tasks such as […]

Published
1 minute read

STRIDE chart 

There are good reasons to optimize for different points on that spectrum (of better/faster/cheaper) at different times in different products.

Published
<1 minute read

How to tell if Windows Defender is installed on your computer 

Windows Defender is an antispyware program from Microsoft that helps protect you from spyware, pop-up windows, and other unwanted software. It’s free to download for Windows XP users and it comes with Windows Vista. To check whether Windows Defender is already installed on your computer: 1. Click Start and then click All Programs. 2. Look […]

Published
<1 minute read

Windows Defender for Windows Vista 

Some of you have been asking about whether or not you should download Windows Defender. Here’s the short answer: Windows Defender comes with Windows Vista. If you use Windows Vista, do not download Windows Defender. What is Windows Defender? Windows Defender is a free program from Microsoft that helps protect your computer against pop-ups, slow […]

Testing in the SDL 

“You can’t test quality in.” It’s a truism coined long ago and an accepted fact of software development. Yet, for security, testing is arguably the most talked about aspect of the Security Development Lifecycle (SDL). When we get security wrong, the first criticism we almost always hear is, “Didn’t you guys test this thing?” It […]

Published
1 minute read

What is a cookie? 

Cookies are small files that Web sites put on your computer hard disk drive when you first visit. Think of a cookie as an identification card that’s uniquely yours. Its job is to notify the site when you’ve returned. Cookies should not be confused with viruses. While it is possible to misuse a cookie in cases where […]

Published
5 min read

Common Objections – Comparing Linux Distros with Windows 

Once again, my effort to explore common misperceptions (more recently exploring unpatched statistics) has brought out some of the common objections from those that don’t necessarily like the results. Very rarely do I get comments that can find a substantive problem with the analysis – instead the arguments tend to be detailed variations of “your comparison […]