Hello all, this is Monty LaRue posting with some SDL related tools news. Microsoft has recently released an updated version of the Web Application Configuration Analyzer (WACA). While this tool isn’t intended to satisfy specific SDL requirements, it is valuable for performing best practices checks on your web application’s configuration. The checks span the Windows, IIS, ASP.NET, and SQL Server aspects of a deployment and are derived from standards that Microsoft uses to harden production servers. WACA is a good complement to the Attack Surface Analyzer tool which is applicable within the SDL Verification Phase.
RSA Europe 2013: Operational Security for Online Services
Today, at the RSA Conference Europe in Amsterdam, I gave a presentation on an important … Read more »
Experts say Microsoft has improved update process
Network World reports that Microsoft has improved the security update process and is getting better … Read more »
Artima: Microsoft Under Attack
A new article called Microsoft Under Attack summarizes itself by saying: Not by angry customers … Read more »