Hello all, this is Monty LaRue posting with some SDL related tools news. Microsoft has recently released an updated version of the Web Application Configuration Analyzer (WACA). While this tool isn’t intended to satisfy specific SDL requirements, it is valuable for performing best practices checks on your web application’s configuration. The checks span the Windows, IIS, ASP.NET, and SQL Server aspects of a deployment and are derived from standards that Microsoft uses to harden production servers. WACA is a good complement to the Attack Surface Analyzer tool which is applicable within the SDL Verification Phase.
Questions to ask your cloud provider
When it comes to building trust with cloud services customers, there’s no substitute for transparency. … Read more »
Microsoft Disrupts Botnet Hijacking Search Results and Exploiting Search Engines
Today, Microsoft’s Digital Crimes Unit (DCU), in partnership with law enforcement and industry partners, announced … Read more »
SDL War Story Videos
Watch short interviews with Mike Howard and Steve Lipner about the real-life conflicts that led … Read more »