Presentation transcript:

Life In the Digital Crosshairs

‘Local’ context can access WinRT.
‘Web’ context cannot access WinRT.
More capabilities, greater risk.

Security and the Software Development Lifecycle: code fixes performed after release can cost up to 30 times more than fixes performed during the design phase.* (Source: National Institute of Standards and Technology. * Source: Aberdeen Group.)

Code Analysis
/DYNAMICBASE: Address Space Layout Randomization (ASLR)
/NXCOMPAT: Data Execution Prevention (DEP)
/GS: Buffer Security Check
Banned API
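Whether a shipped binary was actually linked with /DYNAMICBASE and /NXCOMPAT is recorded in the DllCharacteristics field of its PE optional header, so the slide's flags can be verified after the fact. The following is an added example, not part of the original deck: it parses that field (bit values from winnt.h) and reports the ASLR/DEP state; the `fake_pe` helper builds a constructed, non-loadable header purely so the check can run offline, and `mitigation_report` would be called on `open(path, "rb").read()` for a real file.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE optional header (winnt.h values)
DYNAMIC_BASE = 0x0040      # linked with /DYNAMICBASE -> ASLR-capable image
NX_COMPAT = 0x0100         # linked with /NXCOMPAT    -> DEP-compatible image
HIGH_ENTROPY_VA = 0x0020   # /HIGHENTROPYVA, 64-bit ASLR with high entropy

def read_dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics field of a PE image, validating the headers first."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20          # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 in both the PE32 and PE32+ optional header
    (dllchar,) = struct.unpack_from("<H", data, opt + 70)
    return dllchar

def mitigation_report(data: bytes) -> dict:
    """Map the raw bits to the mitigations the slide names (plus high-entropy ASLR)."""
    bits = read_dll_characteristics(data)
    return {
        "aslr": bool(bits & DYNAMIC_BASE),
        "dep": bool(bits & NX_COMPAT),
        "high_entropy_va": bool(bits & HIGH_ENTROPY_VA),
    }

def fake_pe(dllchar: int, magic: int = 0x20B) -> bytes:
    """Constructed minimal PE header for demonstration only; not a loadable image."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # 64-byte DOS stub
    coff = b"PE\0\0" + b"\0" * 20                                     # signature + COFF header
    opt = struct.pack("<H", magic) + b"\0" * 68 + struct.pack("<H", dllchar)
    return dos + coff + opt

if __name__ == "__main__":
    for name, blob in (("hardened", fake_pe(DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA)),
                       ("legacy", fake_pe(0, magic=0x10B))):
        print(name, mitigation_report(blob))
```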

There are many inputs to Store web apps to keep in mind.

Understanding SAL (Source Code Annotation Language)
Analyzing Application Quality by Using Code Analysis Tools
Visual Studio 2013 Static Code Analysis in Depth: What? When and How? code-analysis-in-depth-what-when-and-how.aspx

SDL Portal
SDL Blog
Simplified Implementation of the Microsoft SDL
Forrester Consulting Report, “State of Application Security”
Aberdeen Group Report, “Security and the Software Development Lifecycle: Secure at the Source”