2002-2003 2004 2005-2007 Now Bill Gates writes “Trustworthy Computing” memo early 2002 “Windows security push” for Windows Server 2003 Security push.

Presentation transcript:

2002-2003
- Bill Gates writes “Trustworthy Computing” memo early 2002
- “Windows security push” for Windows Server 2003
- Security push and FSR extended to other products

2004
- Microsoft Senior Leadership Team agrees to require SDL for all products that:
  - Are exposed to meaningful risk and/or
  - Process sensitive data

2005-2007
- SDL is enhanced:
  - “Fuzz” testing
  - Code analysis
  - Crypto design requirements
  - Privacy
  - Banned APIs
  - and more…
- Windows Vista is the first OS to go through full SDL cycle

Now
- Optimize the process through feedback, analysis and automation
- Evangelize the SDL to the software development community:
  - SDL Process Guidance
  - SDL Optimization Model
  - SDL Pro Network
  - SDL Tools
  - SDL Process Templates

SDL – Continual Improvement
- Now at version 5.2
- Microsoft’s secure development processes have come a long way since the SDL was first introduced – the SDL is constantly evolving

The SDL Process Template integrates SDL directly into the VSTS software development environment.

Model, Identify Threats, Mitigate, Validate, Vision

Transforms threat modeling from an expert-led process into a process that any software architect can perform effectively.

| Mitigation | Mitigates | Available in | Enabled by |
|---|---|---|---|
| Stack cookies | | Dev 10 | /GS |
| Strict GS | ‘non-traditional’ stack overflows | Dev 10 | #pragma strict_gs_check(on) |
| DEP | W^X | XP SP2+ | /NXCOMPAT |
| Heap hardening | Heap metadata attacks | Vista + | (OS Platform Support) |
| Heap terminate on corruption | “ | XPSP3 | HeapSetInformation or /SUBSYSTEM:WINDOWS,6.0 |
| ASLR | ROP | | /DYNAMICBASE |
| SafeSEH | SEH overwrites | | /SAFESEH |
| SEHOP | “ | Win 7+ | Reg key entry |

See
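A build-verification check for the linker-level rows of the table, added here as an example and not part of the original presentation: it reads the PE optional header to confirm that /DYNAMICBASE and /NXCOMPAT were recorded and reports the subsystem version. The function names and the sample header are constructed for illustration; /GS, SafeSEH and SEHOP are not recorded in these header fields and are not covered.

```python
import struct

# DllCharacteristics bits recorded by the linker switches in the table.
DYNAMIC_BASE = 0x0040   # /DYNAMICBASE (ASLR opt-in)
NX_COMPAT = 0x0100      # /NXCOMPAT (DEP opt-in)

def pe_mitigations(data: bytes) -> dict:
    """Report linker-level mitigation opt-ins recorded in a PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24                      # PE signature (4) + COFF header (20)
    if len(data) < opt + 72 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # Same offsets in PE32 and PE32+: subsystem version at 48, flags at 70.
    major, minor = struct.unpack_from("<HH", data, opt + 48)
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "aslr": bool(flags & DYNAMIC_BASE),
        "dep": bool(flags & NX_COMPAT),
        "subsystem_version": (major, minor),
    }

def missing_optins(data: bytes) -> list:
    """List the opt-ins from the table that this image does not carry."""
    m = pe_mitigations(data)
    gaps = []
    if not m["aslr"]:
        gaps.append("/DYNAMICBASE")
    if not m["dep"]:
        gaps.append("/NXCOMPAT")
    if m["subsystem_version"] < (6, 0):
        gaps.append("subsystem version below 6.0")
    return gaps

def make_sample(flags: int, subsys=(6, 0)) -> bytes:
    """Constructed minimal PE32+ header (headers only, not a loadable image)."""
    buf = bytearray(0x40 + 24 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)          # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, 0x20B)    # PE32+ magic
    struct.pack_into("<HH", buf, 0x40 + 24 + 48, *subsys)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, flags)
    return bytes(buf)
```

Running `missing_optins` over every shipped EXE and DLL in a release gate catches binaries that were linked without the switches, including third-party components built outside the main toolchain.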