Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security Vulnerabilities[MP4] [0:08:42] [2010/02/25]
Anil Revuru (RV) from
Microsoft Information Security, gives a demonstration of the new version of CAT.NET (Code Analysis Tool for .NET) version 2.0. It is a static analysis tool that uses the…
Technical Preview for CAT.NET 2.0[MP4] [0:20:21] [2009/12/12]Maqbool Malik and Anil Revuru (RV), from
Microsoft Information Security, talk about the newly designed version of CAT.NET which will be part of the Assessment & Protection
(A&P)…
Using the Web Protection Library (WPL) - CTP Version[MP4] [0:10:56] [2009/11/25]
Anil Revuru (RV), from
Microsoft Information Security, walks us through the expansion of what used to be the Anti-XSS Library. This enhanced version of the library will introduce mitigation to…
Using Web Application Configuration Analyzer (WACA) - CTP Version[MP4] [0:07:15] [2009/11/25]Anil Revuru (RV), from
Microsoft Information Security, walks us through a configuration verification tool that will be part of a suite of tools that will help you assess your code as well as protect…
Web Application Configuration Analyzer (WACA)[MP4] [0:15:43] [2009/11/21]Anil Revuru (RV), from
Microsoft Information Security, introduces a configuration verification tool that will be part of a suite of tools that will help you assess your code as well as protect it.…
Enhanced Web Protection Library[MP4] [0:15:28] [2009/11/13]
Anil Revuru (RV), from
Microsoft Information Security, introduces the expansion of what used to be the Anti-XSS Library. But web vulnerabilities are not only around Cross-Site Scripting (XSS)…
Assessment and Protection Suite[MP4] [0:17:24] [2009/11/13]
Anil Revuru (RV) and Mark Curphey, from
Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is…
Anti-XSS Library v3.1: Find, Fix, and Verify Errors[MP4] [0:21:51] [2009/09/24]
Anil Revuru (RV) from
Microsoft Information Security, gives a demonstration of the new features on the Anti-XSS Library v3.1 including HTML Sanitization which provides new methods to the Anti-XSS…
Connected Information Security Framework: Core Components[MP4] [0:22:06] [2009/09/24]
Marius Grigoriu and Vineet Batta, from Microsoft Information Security, talk about the technical components for the first version of
Connected Information Security Framework (CISF). A software…
CISF: Build Custom Security Solutions[MP4] [0:19:42] [2009/09/18]Mark Curphey and Marius Grigoriu, from Microsoft Information Security, talk about the release of the first version of
Connected Information Security Framework (CISF). A software development…
SDL-LOB Phase 3: Implementation[MP4] [0:18:19] [2009/07/21]The third phase of the
SDL-LOB (Security Development Lifecycle for Line-of-Business applications) includes
Implementation.
Eugene Siu, from
Microsoft Information Security, describes some of…
Anti-XSS 3.0 Released[MP4] [0:17:35] [2009/07/16]
Vineet Batta and Anil Revuru (RV), from
Microsoft Information Security, talk about the release of the new version of the Anti-XSS library, which is designed to encode output to help developers…
Silverlight 2 Security[MP4] [0:18:40] [2009/07/14]The usage of Silverlight to provide users a rich internet experience continues to increase. As it becomes a key element on our web applications, it is good to keep in mind that it still runs code on…
Threat Modeling LOB Applications with TAM 3.0[MP4] [0:48:45] [2009/07/07]
Andrew Law, from Microsoft Information Security, walks us through the creation of a threat model for a line-of-business application using the Threat Analysis & Modeling tool version 3.0. This…
SQL Detect[MP4] [0:12:14] [2009/07/07]SQL Detect is a SQL injection filter in real-time mode. When a request happens in the application the tool applies different heuristics to the data and tries to identify the attack. After the request…
Architecture Behind CAT.NET[MP4] [0:17:47] [2009/06/30]
Ben Livshits, from Microsoft Research, talks about the architecture behind
CAT.NET, which is a static analysis tool on Visual Studio that helps find vulnerabilities like SQL Injection, CSRF, XSS…
Threat Analysis & Modeling Tool - TAM 3.0[MP4] [0:16:01] [2009/06/30]Anil Revuru (RV), from
Information Security Tools, provides an overview of the new version of TAM (Threat Analysis & Modeling), an asset-centric tool which uses an objective methodology to…
Security Design Reviews[MP4] [0:18:03] [2009/06/25]Security is not something we just add at the end of the implementation phase...it should be
baked into the application all the way from design.
Anmol Malhotra, from
Microsoft Information…
ACE's Performance Development Lifecycle for IT (PDL-IT)[MP4] [0:14:33] [2009/04/04]
Microsoft ACE team has been involved in performance testing and tuning of web applications within Microsoft and externally for several years now. Microsoft's
Information Security - ACE Performance…
Application Performance Reviews: ACE Team[MP4] [0:11:54] [2009/03/04]
The Assessment Consulting & Engineering (ACE) team, part of the Microsoft Information Security group, assesses the performance of Microsoft
applications. Principal Performance Manager, K.M.…