Microsoft's Security Development Lifecycle (SDL)
http://www.microsoft.com/security/sdl/default.aspx
The Microsoft site gives a lot of information on using a Secure Development Lifecycle, much of which is transferable to other development environments; the principles behind Microsoft's SDL are pretty much good, solid principles.
Free tools from Microsoft
Some of these tools are more for the Microsoft programming environment than others.
Threat Modeling Tool
The SDL Threat Modeling Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle. To help make threat modeling a little easier, Microsoft offers a free SDL Threat Modeling Tool that enables non-security subject matter experts to create and analyze threat models by communicating about the security design of their systems, analyzing those designs for potential security issues using a proven methodology, and suggesting and managing mitigations for security issues.
http://blogs.technet.com/b/security/archive/2012/08/23/microsoft-s-free-security-tools-threat-modeling.aspx
Attack Surface Analyzer
Attack Surface Analyzer can help software developers and Independent Software Vendors (ISVs) understand the changes in Windows systems' attack surface resulting from the installation of the applications they develop. It can also help IT professionals, who are responsible for managing the deployment of applications or the security of desktops and servers, understand how the attack surface of Windows systems changes as a result of installing software on the systems they manage.
http://blogs.technet.com/b/security/archive/2012/08/02/microsoft-s-free-security-tools-attack-surface-analyzer.aspx
Anti-Cross Site Scripting Library
The Microsoft Anti-Cross Site Scripting Library V4.2.1 (AntiXSS V4.2.1) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique -- sometimes referred to as the principle of inclusions -- to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and then encoding anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes.
http://msdn.microsoft.com/en-us/security/aa973814.aspx
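The white-listing idea described above, sketched in Python as an added example (this is not AntiXSS's own code or API; the safe set, function names and sample input are assumptions made for illustration). It renders the same constructed value into a single-quoted attribute with a deny-list encoder and with an allow-list encoder, then checks what an HTML parser sees.

```python
import string
from html.parser import HTMLParser

# Assumption: a deliberately small safe set. A real library's safe list is
# larger and differs per output context (HTML body, attribute, URL, script).
SAFE_CHARS = frozenset(string.ascii_letters + string.digits + ".,-_")

def allowlist_encode(text):
    """Allow-list: keep characters in SAFE_CHARS, entity-encode everything else."""
    return "".join(ch if ch in SAFE_CHARS else f"&#{ord(ch)};" for ch in text)

# Deny-list for comparison: escapes only the characters someone listed.
# The single quote is missing here, which is the kind of gap a deny-list allows.
DENY_MAP = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;"}

def denylist_encode(text):
    """Deny-list: replace listed characters, pass everything else through."""
    return "".join(DENY_MAP.get(ch, ch) for ch in text)

class _AttrCollector(HTMLParser):
    """Records the attributes of the last start tag the parser saw."""
    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.attrs = attrs

def parsed_attrs(encoder, untrusted):
    """Render untrusted data into a single-quoted attribute and return the
    (name, value) pairs an HTML parser extracts from the resulting tag."""
    markup = f"<input value='{encoder(untrusted)}'>"
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs

# Constructed sample input: tries to close the attribute and add another one.
SAMPLE = "x' data-injected='1"

if __name__ == "__main__":
    for enc in (denylist_encode, allowlist_encode):
        print(f"{enc.__name__:17} -> {parsed_attrs(enc, SAMPLE)}")
```

With the deny-list encoder the parser sees two attributes; with the allow-list encoder it sees one attribute whose value is the original string, unchanged after decoding.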
banned.h
The banned.h header file is a sanitizing resource designed to help developers avoid using banned functions, and to identify and remove them from existing code, where they may lead to vulnerabilities. Banned functions are calls that have been deemed dangerous because they make it relatively easy to introduce vulnerabilities into code during development.
http://blogs.technet.com/b/security/archive/2012/08/30/microsoft-s-free-security-tools-banned-h.aspx
The Security Development Lifecycle is a software development security assurance process consisting of security practices grouped by seven phases. All the tools are very important for Microsoft programming.