Hello all, this is Monty LaRue posting with some SDL related tools news. Microsoft has recently released an updated version of the Web Application Configuration Analyzer (WACA). While this tool isn’t intended to satisfy specific SDL requirements, it is valuable for performing best practices checks on your web application’s configuration. The checks span the Windows, IIS, ASP.NET, and SQL Server aspects of a deployment and are derived from standards that Microsoft uses to harden production servers. WACA is a good complement to the Attack Surface Analyzer tool which is applicable within the SDL Verification Phase.
More ways to protect yourself in 2008
Last month we told you about predicted Internet security threats for the coming year. … Read more »
What’s new in Windows Live OneCare
The newest version of Windows Live OneCare is now available to download, includes the following features … Read more »
SDL and PCI DSS/PA-DSS: Aligning security practices and compliance activities
Jeremy Dallman here to introduce our second paper aligning SDL practices with compliance activities. Last … Read more »