From Lord Time@TIME to All on Sun Nov 10 15:23:03 2013
Microsoft Security Newsletter - September 2013
Trustworthy Computing | September 2013
Welcome to September’s Security Newsletter!
This month our newsletter focuses on application security. With the growing popularity of apps today, and their wide range of use such as the processing
of financial data or storing of personal information, it is critically important that application developers build apps with security in mind.
To help developers protect their applications from malicious attacks,
Microsoft has integrated security technologies into our software commonly used for development. Windows 8 and Visual Studio 2012 provide a set of application programming interfaces (APIs), controls, and tools to help minimize
application vulnerabilities and mitigate common security problems. In Visual Studio 2012, security technologies such as
Structured Exception Handling Overwrite Protection (SEHOP) are enabled by default for native code within the application. When developers compile their applications, these security technologies are integrated. In addition, Microsoft provides an
released a new Security Intelligence Report app for Windows. If you are not familiar with the
Microsoft Security Intelligence Report (SIR), it provides threat intelligence for 100+ countries/regions around the world and is designed to help IT professionals manage risk within their organizations. This new app is designed to work on Windows 7 and Windows 8 and provides our readers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. The app includes all 800+ pages of content from SIR Volume 14, the latest volume
of the report, and is fully searchable. This makes it easy to find every mention of a particular threat or country/region. It also provides an easy way to access high-fidelity charts with "save as" functionality. In addition,
the application is reader friendly with the integration of glossary terms in the body of the report.
Financial Services: A Survey of the State of Secure Application Development Processes
Organizations in the financial services industry handle trillions of transactions each year involving sensitive information about individuals, companies, and other third parties. To help protect this sensitive information it is important that financial services organizations are developing, procuring, and using software applications that have been developed with security in mind. As a result, Microsoft recently commissioned an independent research and consultancy firm to examine the current state of application development in the financial services sector from a security perspective. Explore their findings by downloading the report,
Microsoft Security Development Lifecycle Adoption: Why and How today.
A little more than a month ago, Microsoft announced (http://blogs.technet.com/b/bluehat/archive/2013/07/29/new-mapp-initiatives.aspx) some new initiatives for the Microsoft Active Protections Program (MAPP). Learn how the program is moving forward with its first two
initiatives, one of which is a new automated knowledge exchange platform that provides the ability to automate the sharing and consumption of threat information in machine readable formats.
Designed for development managers and IT policymakers, this step-by-step model helps you gradually move your organization toward the adoption of the
Microsoft SDL to reduce customer risk. Included are tools that will enable you to: a) assess the state of your development organization with four maturity levels; b) create a practical vision and roadmap for improving your organization's software development capability; and c) outline practical and cost-effective activities in each of the five capability areas to assist with budgeting, planning, and staffing efforts associated with software.
Get a downloadable template that automatically integrates the policy, process, and tools associated with the Microsoft SDL process guidance directly into
your Visual Studio Team System (VSTS) software development environment.
Threat modeling is a core element of the Microsoft SDL. The SDL Threat
Modeling makes threat modeling easier for developers of all skill levels to communicate about the security design of their systems, analyze those designs for potential security issues using a proven methodology, and suggest and manage mitigations for security issues.
security features of the Windows Runtime.
Beyond the buzz of Web 2.0, mashup applications (also called hybrid or situational applications) bring the promise of creating meaningful experiences by feeding other people's data to your application. Learn to mitigate security issues that can come along with a mashup application in this series of
articles from MSDN's Script Junkie.
If you’re in IT, you are frequently processing, storing, or transmitting data that is subject to regulatory and compliance requirements. When that data falls under regulatory or compliance restrictions, your choice of cloud deployment (whether private, hybrid or public) hinges on maintaining the security of information. Learn how to view the cloud as a golden opportunity
to achieve better security.
Learn how to implement the foundational concepts of the Microsoft SDL and
build better software. Topics include secure design, threat modeling, secure coding, security testing, and best practices surrounding privacy. This
training is designed specifically for software development team members in technical roles (developers, testers, and program managers).
This is a monthly newsletter for IT professionals and
developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
(c) 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The
names of actual companies and products mentioned herein may be the trademarks of their respective owners.