Hello all, this is Monty LaRue posting with some SDL related tools news. Microsoft has recently released an updated version of the Web Application Configuration Analyzer (WACA). While this tool isn’t intended to satisfy specific SDL requirements, it is valuable for performing best practices checks on your web application’s configuration. The checks span the Windows, IIS, ASP.NET, and SQL Server aspects of a deployment and are derived from standards that Microsoft uses to harden production servers. WACA is a good complement to the Attack Surface Analyzer tool which is applicable within the SDL Verification Phase.
Microsoft’s Free Security Tools – Microsoft Assessment and Planning (MAP) Toolkit
This article in our free security tools series focuses on the benefits of the Microsoft … Read more »
Security updates for November 2011
Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 4 security … Read more »
SDL Threat Modeling Tool 3.1.4 ships!
Adam here. We’re pleased to announce version 3.1.4 of the SDL Threat Modeling Tool. A … Read more »