How to help maintain security compliance
This is the last post in our eight-blog series on deploying Intelligent Security scenarios. In this post, we explain how Microsoft 365 security solutions enable you to manage security compliance processes.
CISO series: Partnering with the C-Suite on cybersecurity
In my last blog, we looked at five communication techniques that can help engage business managers in the work of cybersecurity. This week, we’ll look at how to use those techniques to bring the C-Suite into the conversation.
Jumpstart your Microsoft Graph Security API integration with the new JavaScript sample app
We just launched a new JavaScript sample that provides ready-to-run code to make it easier than ever for developers to get started using the security API in Microsoft Graph.
P = NP: Cloud data protection in vulnerable non-production environments
Keeping track of sensitive data is becoming harder as data is being dispersed all over the organization. Protecting your data begins with understanding that P = NP (read: Production equals Non-Production).
The need and opportunity for adaptive prevention in the cloud
This post is authored by Michael Bargury, Data Scientist, C+E Security. The need The cloud introduces new security challenges, which differ from classic ones by diversity and scale. Once a Virtual Machine (VM) is up and running with an open internet port, it is almost instantaneously subject to vulnerability scanning and Brute Force (BF) attacks.
Secure Development Blog
We’re proud to announce Secure Development at Microsoft, our developer focused security blog at Microsoft. The blog was created to inform developers of new security tools, services, open source projects and best development practices in order to help instill a security mindset across the development community and enable cross collaboration amongst its members.
Writing Fuzzable Code
Adam Shostack here. One of the really exciting things about being in the Microsoft Security Engineering Center is all of the amazing collaborators we have around the company. People are always working to make security engineering easier and more effective. When we talk about security testing, we often focus on what it can’t do.
Giving SQL Injection the Respect it Deserves
You may have read recently about a large number of Web servers that were compromised through a SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic  so it could compromise as many database servers as possible.
Training People on Threat Modeling
Adam Shostack here. Blogger Ian Grigg has an interesting response to my threat modeling blog series, and I wanted to respond to it.