-
SDL Videos
-
SDL 10 year Anniversary
SDL+10+year+Anniversary
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dSDL%2b10%2byear%2bAnniversary
http://content5.catalog.video.msn.com/e2/ds/0442749d-3548-4c47-9716-22c64f928966.mp4
Eric Bidstrup and Steve Lipner reminisce about their challenges in getting the Microsoft SDL adopted at Microsoft and accepted into Microsoft’s engineering culture.- Run Time:
- 04:17
- Uploaded:
- 01/31/12
- Embed:
-
Get Code... Hide Code...
<embed src="http://content5.catalog.video.msn.com/e2/ds/0442749d-3548-4c47-9716-22c64f928966.mp4" width="800px" height="600px"></embed>
-
Microsoft Security Development Lifecycle (SDL) Progress Report: SDL Progress Report
Microsoft+Security+Development+Lifecycle+(SDL)+Progress+Report%3a+SDL+Progress+Report
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dMicrosoft%2bSecurity%2bDevelopment%2bLifecycle%2b(SDL)%2bProgress%2bReport%253a%2bSDL%2bProgress%2bReport
http://content1.catalog.video.msn.com/e2/ds/3d3a1bd5-0a77-40a2-be40-d97d11a19c19.mp4
Steve Lipner and Doug Cavit from the Microsoft Security Development Lifecycle (SDL) team discuss in depth the evolution of the Microsoft SDL, and the progress made in using the SDL and security science to reduce vulnerabilities and mitigate threats to Microsoft software and services.- Run Time:
- 18:32
- Uploaded:
- 02/1/12
- Embed:
-
Get Code... Hide Code...
<embed src="http://content1.catalog.video.msn.com/e2/ds/3d3a1bd5-0a77-40a2-be40-d97d11a19c19.mp4" width="800px" height="600px"></embed>
-
Microsoft SDL Release Phase: Security Practices
Microsoft+SDL+Release+Phase%3a+Security+Practices
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dMicrosoft%2bSDL%2bRelease%2bPhase%253a%2bSecurity%2bPractices
http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/70e1fc18-c60e-4734-a02c-6becae66750c.mp4
In this video, Jason Glassberg, Co-Founder, Casaba, discusses the three security practices of the Microsoft SDL Release phase. Jason talks about the planning for post-release contingencies by creating a well thought-out incident response plan, then stresses the importance of the application of a Final Security Review, its outcomes and mitigation of any outstanding issues. Finally he discusses the archiving of all pertinent information and data to allow for post-release servicing of the software.- Run Time:
- 6:17
- Uploaded:
- 01/18/11
- Embed:
-
Get Code... Hide Code...
<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/70e1fc18-c60e-4734-a02c-6becae66750c.mp4" width="800px" height="600px"></embed>
-
Applying Microsoft SDL Release Practices within Windows Azure
Applying+Microsoft+SDL+Release+Practices+within+Windows+Azure
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dApplying%2bMicrosoft%2bSDL%2bRelease%2bPractices%2bwithin%2bWindows%2bAzure
http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/659f8a4a-254e-4917-b072-209c2a681e05.mp4
In this video, Jason Glassberg, Co-Founder, Casaba, speaks about the Release phase of the Microsoft SDL and how to apply the Microsoft SDL release phase practices to applications built on top of Windows Azure. Jason explains that the Microsoft SDL can apply to any cloud-based deployment, but focuses on Windows Azure, explaining that the steps are very similar to a typical on-premises application (File an Incident Response Plan, Perform a Final Security Review and Release Archive). In Azure, the importance of understanding of the platform is doubly-important in preparing an Incident Response Plan because rollback and stopping of deployment is vastly simpler than in on-premises or full-platform hosted deployment. Because Azure makes it so simple to deploy applications, Jason emphasizes the importance of reviewing the deployment and securing deployment-related artifacts such as management accounts, access to Service Management API and SSL certificates used by applications.- Run Time:
- 8:04
- Uploaded:
- 01/18/11
- Embed:
-
Get Code... Hide Code...
<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/659f8a4a-254e-4917-b072-209c2a681e05.mp4" width="800px" height="600px"></embed>
-
Applying Microsoft SDL Implementation Practices within Windows Azure
Applying+Microsoft+SDL+Implementation+Practices+within+Windows+Azure
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dApplying%2bMicrosoft%2bSDL%2bImplementation%2bPractices%2bwithin%2bWindows%2bAzure
http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/da4120e6-7f4a-4d5f-a324-049150a713dd.mp4
In this video, Peter Oehlert, Senior Security Consultant, iSEC Partners, explains how the Implementation phase of the Microsoft SDL applies to building Windows Azure application. He starts first by defining both the similarities and key differences between implementation of on-premises solutions and Windows Azure-based applications. Following the theme of Peter’s previous theory video, Peter dives into specific tools that can be of use to secure implementation of applications on Windows Azure, including Checkmarx, Coverity and Veracode. The conversation then moves to properly implementing defenses against usual web threats (SQL injection, XSS, authentication, etc.) in the Windows Azure web applications.- Run Time:
- 33:08
- Uploaded:
- 01/18/11
- Embed:
-
Get Code... Hide Code...
<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/da4120e6-7f4a-4d5f-a324-049150a713dd.mp4" width="800px" height="600px"></embed>
-
Microsoft SDL Implementation Phase: Security Practices
Microsoft+SDL+Implementation+Phase%3a+Security+Practices
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dMicrosoft%2bSDL%2bImplementation%2bPhase%253a%2bSecurity%2bPractices
http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/896e9074-b9f5-4b45-8b3e-15ca311468b3.mp4
In this video, Peter Oehlert, Senior Security Consultant, iSEC Partners, discusses the implementation security practices of the “Implementation” phase of the Microsoft SDL. Peter uses the definition of what makes secure code as a point of departure, explaining then the benefits of the ease and repeatability the Microsoft SDL process brings to creation of such code. Peter then covers importance of proper usage of tools that are used during the Implementation Phase and dives into discussion of IDEs, compilers, parsers, linkers and static analysis applications.Related resources:Whitepaper: The Simplified Implementation of the Microsoft SDL Microsoft Security Development Lifecycle Security Talk Series Webcast Check out Windows Azure Subscriptions- Run Time:
- 36:37
- Uploaded:
- 12/15/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/896e9074-b9f5-4b45-8b3e-15ca311468b3.mp4" width="800px" height="600px"></embed>
-
Microsoft SDL Verification Phase: Security Practices
Microsoft+SDL+Verification+Phase%3a+Security+Practices
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dMicrosoft%2bSDL%2bVerification%2bPhase%253a%2bSecurity%2bPractices
http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/20dc31dc-72c0-497e-a83d-4773b38bb52f.mp4
In this video, Aviram Jenik, CEO, Beyond Security, talks about processes that help build secure systems, focusing on the Verification phase of the Microsoft Security Development Lifecycle. Aviram discusses the concept of “black box” testing, explains the importance of testing data entry endpoints with good, bad and fuzzed input, and points to the tools that can assist with these tasks. On a practical side, Aviram shows a detailed demo of “JPG fuzzing”, generating malformed images, and identifying vulnerabilities in image processing application.- Run Time:
- 21:44
- Uploaded:
- 12/15/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/20dc31dc-72c0-497e-a83d-4773b38bb52f.mp4" width="800px" height="600px"></embed>
-
Microsoft SDL Requirements Phase: Security Practices
Microsoft+SDL+Requirements+Phase%3a+Security+Practices
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dMicrosoft%2bSDL%2bRequirements%2bPhase%253a%2bSecurity%2bPractices
http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/3d2324be-efe4-4e27-a5de-e29bbddb9c52.mp4
In this video, Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about the security practices of the “Requirements” phase of the Microsoft SDL. Chris and Robert explain the benefits of following the Microsoft SDL to building more secure, reliable, and standard-compliant software.Related resources:Whitepaper: The Simplified Implementation of the Microsoft SDL http://go.microsoft.com/?linkid=9708425 Microsoft Security Development Lifecycle http://www.microsoft.com/security/sdl Security Talk Series webcasts www.microsoft.com/events/series/securitytalk- Run Time:
- 12:32
- Uploaded:
- 12/14/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/3d2324be-efe4-4e27-a5de-e29bbddb9c52.mp4" width="800px" height="600px"></embed>
-
Applying Microsoft SDL Requirements Practices within Windows Azure
Applying+Microsoft+SDL+Requirements+Practices+within+Windows+Azure
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dApplying%2bMicrosoft%2bSDL%2bRequirements%2bPractices%2bwithin%2bWindows%2bAzure
http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/11945b56-0c91-4ccf-b09a-fda88fa6be4e.mp4
In this video, Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about applying Microsoft SDL Requirements security practices to applications built on top of Windows Azure, focusing on the “Requirements” phase. Chris and Robert stress the similarities of Windows Azure applications to regular web applications, explaining that you won’t be operating in an entirely new environment, talk about decreased need to focus on infrastructure and platform and increased focus on securing the application layer. The presenters explain the similarities and differences in planning for security and privacy when deploying to Windows Azure, and explain how to map the existing and new risks to the cloud-based environment.Related resources:Whitepaper: The Simplified Implementation of the Microsoft SDL http://go.microsoft.com/?linkid=9708425 Whitepaper: Security Best Practices for Developing Windows Azure Applications http://go.microsoft.com/?linkid=9751872 Microsoft Security Development Lifecycle http://www.microsoft.com/security/sdl Security Talk Series webcasts www.microsoft.com/events/series/securitytalk Check out Windows Azure Subscriptions bit.ly/AzurePromo- Run Time:
- 17:07
- Uploaded:
- 12/14/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/11945b56-0c91-4ccf-b09a-fda88fa6be4e.mp4" width="800px" height="600px"></embed>
-
Applying Microsoft SDL Verification Practices within Windows Azure
Applying+Microsoft+SDL+Verification+Practices+within+Windows+Azure
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dApplying%2bMicrosoft%2bSDL%2bVerification%2bPractices%2bwithin%2bWindows%2bAzure
http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/1cae5666-e36f-4e7f-9bf3-3cee7f3951de.mp4
In this video, Aviram Jenik, CEO, Beyond Security, talks about applying Microsoft SDL to applications built on top of Windows Azure applications, focusing on the Verification phase of the Microsoft Security Development Lifecycle. Aviram explains how “black box” testing concept is increasingly relevant in the world of cloud-based applications, mentions classic user input attacks such as SQL injection and Cross Site Scripting (XSS), and enumerates different inputs that should be focused on with Windows Azure-based applications.- Run Time:
- 18:43
- Uploaded:
- 12/14/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/1cae5666-e36f-4e7f-9bf3-3cee7f3951de.mp4" width="800px" height="600px"></embed>
-
Microsoft SDL Design Phase: Security Practices
Microsoft+SDL+Design+Phase%3a+Security+Practices
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dMicrosoft%2bSDL%2bDesign%2bPhase%253a%2bSecurity%2bPractices
http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/48a87adf-5a43-4a9b-97e5-e769892fbf80.mp4
In this video, Joe Basirico, Director of Security Services, Security Innovation, speaks about the “Design” phase of the Microsoft SDL. Joe explains how designing secure systems sometimes requires thinking “backwards” - instead of focusing on features of what the system should do, one should think of what the system should NOT do. Taking this as a departing point, Joe dives into a discussion of foundational design principles of building secure software, including least privilege, compartmentalization, input validation, auditing and logging, cryptography and avoiding the “Not Invented Here” trap.- Run Time:
- 50:26
- Uploaded:
- 12/09/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/48a87adf-5a43-4a9b-97e5-e769892fbf80.mp4" width="800px" height="600px"></embed>
-
Applying Microsoft SDL Design Practices within Windows Azure
Applying+Microsoft+SDL+Design+Practices+within+Windows+Azure
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dApplying%2bMicrosoft%2bSDL%2bDesign%2bPractices%2bwithin%2bWindows%2bAzure
http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/a4b1d469-0b0e-444e-b42b-fe8ecaf9069f.mp4
In this video, Joe Basirico, Director of Security Services, Security Innovation, speaks about mapping concepts from the "Design" phase of the Microsoft SDL to software targeting Windows Azure platform. Joe highlights what changes and what does not change for the application design when application is moving to the cloud, and then digs deeper into those areas, including impact the Azure VM model brings to the application trust, designing for secure storage, and claims-based authorization. Joe then focuses on discussion of the cryptography, explaining the pitfalls of rolling your own and suggest designs for securing key infrastructure.- Run Time:
- 29:12
- Uploaded:
- 12/09/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/a4b1d469-0b0e-444e-b42b-fe8ecaf9069f.mp4" width="800px" height="600px"></embed>
-
MSF-Agile + SDL Process Template
MSF-Agile+%2b+SDL+Process+Template
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dMSF-Agile%2b%252b%2bSDL%2bProcess%2bTemplate
http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/de0fb4da-39a6-434e-8321-4f79b867717a.mp4
Watch this short video to learn more about the MSF-Agile+SDL Process Template. The MSF-Agile+SDL Template is one of many templates and tools available to help you implement the Microsoft SDL. MSF-Agile+SDL Process Template is a Team Foundation Server downloadable template that automatically incorporates the policy, process and tools associated with the SDL for Agile development guidance into the familiar Microsoft Solutions Framework (MSF) for Agile software development (MSF-Agile) process template that ships with Visual Studio Team System.- Run Time:
- 6:30
- Uploaded:
- 12/07/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/de0fb4da-39a6-434e-8321-4f79b867717a.mp4" width="800px" height="600px"></embed>
-
Anti-Cross Site Scripting (XSS) Library
Anti-Cross+Site+Scripting+(XSS)+Library
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dAnti-Cross%2bSite%2bScripting%2b(XSS)%2bLibrary
http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/93563e6b-d03e-411a-8d99-aa7a435fc3f9.mp4
Watch this short video to learn about Anti-XSS library. It's one of many tools available in the Microsoft SDL Toolset that can help you automate and implement the Microsoft SDL Process Guidance.- Run Time:
- 10:58
- Uploaded:
- 12/07/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/93563e6b-d03e-411a-8d99-aa7a435fc3f9.mp4" width="800px" height="600px"></embed>
-
SiteLock ATL (Active Library Template)
SiteLock+ATL+(Active+Library+Template)
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dSiteLock%2bATL%2b(Active%2bLibrary%2bTemplate)
http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/ae854400-f2ab-4d46-888c-5127fc816c21.mp4
Watch this short video to learn more about the SiteLock ATL (Active Library Template). SiteLock ATL is one of the many free templates and tools that are available as part of the Microsoft SDL Toolset. The SiteLock ATL template enables an ActiveX developer to restrict access so that a control is only deemed safe when used in a predetermined list of domains. This limits the ability of Web page authors to reuse the control for malicious purposes.- Run Time:
- 5:16
- Uploaded:
- 12/07/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/ae854400-f2ab-4d46-888c-5127fc816c21.mp4" width="800px" height="600px"></embed>
-
SDL Threat Modeling Tool
SDL+Threat+Modeling+Tool
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dSDL%2bThreat%2bModeling%2bTool
http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/12091545-a1a4-4514-9081-d5b48f675769.mp4
Watch this short video to learn more about the SDL Threat Modeling tool. The SDL Threat Modeling Tool is one of many free tools made available as part of the SDL Toolset. The SDL Threat Modeling Tool is the first threat modeling tool which isn't designed for security experts. It makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models.- Run Time:
- 10:33
- Uploaded:
- 12/07/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/12091545-a1a4-4514-9081-d5b48f675769.mp4" width="800px" height="600px"></embed>
-
FxCop
FxCop
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dFxCop
http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/71702652-adcd-4b06-8b2b-0fe1e0d93645.mp4
Watch this short video to learn more about FxCop. FxCop is a tool that performs static code analysis of .NET code. It provides hundreds of rules that perform various types of analysis, to include Design, Globalization, Interoperability, Maintainability, Mobility, Naming, Performance, Portability, Reliability, Security, and Usage. For more detailed information please consult the Visual Studio 2010 MSDN documentation. The FxCop functionality is fully integrated into Visual Studio 2010 Premium and Ultimate editions.- Run Time:
- 5:37
- Uploaded:
- 12/07/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/71702652-adcd-4b06-8b2b-0fe1e0d93645.mp4" width="800px" height="600px"></embed>
-
SDL Process Template
SDL+Process+Template
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dSDL%2bProcess%2bTemplate
http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/9a266d70-0b69-4e84-8960-ec55ac36a954.mp4
Watch this short video to learn more about the SDL Process Template. The SDL Process Template is one of many free templates and tools available in the Microsoft SDL Toolset. The SDL Process teamplate is a downloadable template that leverages the technology of Visual Studio Team System (VSTS) and Team Foundation Server (TFS) to automatically integrate the policy, process and tools associated with the Security Development Lifecycle version into your software development environment.- Run Time:
- 7:28
- Uploaded:
- 12/07/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/9a266d70-0b69-4e84-8960-ec55ac36a954.mp4" width="800px" height="600px"></embed>
-
Code Analysis for C/C++
Code+Analysis+for+C%2fC%2b%2b
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dCode%2bAnalysis%2bfor%2bC%252fC%252b%252b
http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/e66547b2-5a25-4792-9e5a-35c6f3366ba2.mp4
Watch this short video to learn more about Code Analysis for C++. The C/C++ Code Analysis tool is a static analyzer that is provided with the installation of Visual Studio Team System or Visual Studio Team Suite, that provides information to developers about possible vulnerabilities in their C/C++ source code. Common coding errors reported by the tool include buffer overruns, un-initialized memory, null pointer dereferences, and memory and resource leaks.- Run Time:
- 9:54
- Uploaded:
- 12/07/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/e66547b2-5a25-4792-9e5a-35c6f3366ba2.mp4" width="800px" height="600px"></embed>
-
Banned.h Header File
Banned.h+Header+File
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dBanned.h%2bHeader%2bFile
http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/978041da-45b5-451c-a590-6674b879c787.mp4
Watch this short video to learn more about the Banned.h header file. Banned.h header file is one of the many free resources in the Microsoft SDL Toolset. The banned.h header file is a sanitizing resource, which supports the Microsoft SDL requirement to remove banned functions from code. It lists all banned APIs and allows any developer to locate them in code.- Run Time:
- 4:16
- Uploaded:
- 12/07/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/978041da-45b5-451c-a590-6674b879c787.mp4" width="800px" height="600px"></embed>
-
CAT.NET
CAT.NET
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dCAT.NET
http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/a2e325a7-d31e-4f52-b293-b60dcbcd3790.mp4
Watch this short video on CAT.NET. CAT.NET tool is one of the many free tools that are available as part of the Microsoft SDL Toolset. It's available in both 32-bit and 64-bit versions. CAT.NET is a command line tool that helps you identify security flaws within a managed code (C#, Visual Basic .NET, J#) application you are developing. It does so by scanning the binary and/or assembly of the application, and tracing the data flow among its statements, methods, and assemblies. CAT.NET also helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection, and XPath Injection.- Run Time:
- 4:59
- Uploaded:
- 12/06/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/a2e325a7-d31e-4f52-b293-b60dcbcd3790.mp4" width="800px" height="600px"></embed>
-
SDL Regex Fuzzer
SDL+Regex+Fuzzer
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dSDL%2bRegex%2bFuzzer
http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/9117537e-87e8-44aa-a46e-707d77c38e4d.mp4
Watch this short video to learn more about SDL Regex Fuzzer. SDL Regex Fuzzer is one of the many free tools in the Microsoft SDL Toolset. Regex Fuzzer can help test regular expressions for these potential vulnerabilities. Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition.- Run Time:
- 6:40
- Uploaded:
- 12/06/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/9117537e-87e8-44aa-a46e-707d77c38e4d.mp4" width="800px" height="600px"></embed>
-
Simplified Implementation of the Microsoft SDL
Simplified+Implementation+of+the+Microsoft+SDL
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dSimplified%2bImplementation%2bof%2bthe%2bMicrosoft%2bSDL
http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/dc708182-20e8-4658-8944-4b47d56c8503.mp4
This video helps to illustrate the core concepts of the Microsoft Security Development Lifecycle (SDL) and discusses the individual security activities that should be performed in order to claim compliance with the SDL process.- Run Time:
- 24:29
- Uploaded:
- 12/06/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/dc708182-20e8-4658-8944-4b47d56c8503.mp4" width="800px" height="600px"></embed>
-
SDL Tools Overview
SDL+Tools+Overview
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dSDL%2bTools%2bOverview
http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/998c2518-1a9a-4ea6-961c-89de2ac2ade6.mp4
Watch this short video on the Microsoft SDL Toolset overview. Doug Cavit, from the Microsoft SDL engineering team, explains why IT executives and managers should encourage their development teams to download the SDL Implementation guidance and SDL tools to see how they can implement a software security assurance process such as the Microsoft SDL. The Microsoft SDL toolset is meant to work together to help a company implement all the phases of the Microsoft SDL from requirements to software release. The Microsoft SDL toolset and process guidance are both FREE to download by our customers from the Microsoft SDL website. All the tools in the Microsoft SDL toolset are meant to work together, so that companies can write secure software easier.- Run Time:
- 2:41
- Uploaded:
- 12/06/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/998c2518-1a9a-4ea6-961c-89de2ac2ade6.mp4" width="800px" height="600px"></embed>
-
MiniFuzz File Fuzzer
MiniFuzz+File+Fuzzer
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dMiniFuzz%2bFile%2bFuzzer
http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/dbcab1b4-0bbc-430f-8494-15cb2d59b6ac.mp4
Watch this short video on MiniFuzz File Fuzzer. MiniFuzz is one of the many free tools that are available as part of the Microsoft SDL Toolset. MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected and potentially insecure application behaviors.- Run Time:
- 6:23
- Uploaded:
- 12/06/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/dbcab1b4-0bbc-430f-8494-15cb2d59b6ac.mp4" width="800px" height="600px"></embed>
-
BinScope Binary Analyzer
BinScope+Binary+Analyzer
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dBinScope%2bBinary%2bAnalyzer
http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/28ec6268-6572-46d9-ba1c-41ab3e040818.mp4
Watch this short video to learn more about the BinScope Binary Analyzer tool. BinScope is one of the many free tools available as part of the Microsoft SDL Toolset. BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, up-to-date build tools are in place, and the latest good ATL headers are being used. BinScope also reports on dangerous constructs that are prohibited by SDL.- Run Time:
- 6:14
- Uploaded:
- 12/06/10
- Embed:
-
Get Code... Hide Code...
<embed src="http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/28ec6268-6572-46d9-ba1c-41ab3e040818.mp4" width="800px" height="600px"></embed>
-
Security Development Lifecycle for Agile | TechNet Edge
Security+Development+Lifecycle+for+Agile+%7c+TechNet+Edge
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dSecurity%2bDevelopment%2bLifecycle%2bfor%2bAgile%2b%257c%2bTechNet%2bEdge
http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/7772aef0-e6a6-4b9b-acf7-119d712393ea.wmv
Bryan Sullivan, Senior Security Program Manager for Microsoft, illustrates how teams can ensure applications developed with rapid release cycles are still developed in a secure manner. Many development organizations use Agile software development methodologies to build their applications, yet Agile – just like every other development methodology – does not inherently produce secure deliverables. Secure development practices need to be “baked-in” throughout every iteration or sprint. The Security Development Lifecycle for Agile (SDL-Agile) process defines a set of activities that development teams can follow to reduce security vulnerabilities. SDL-Agile also specifies the conditions and frequencies with which these activities should be performed, in order to optimize the security of the delivered product and to ensure that teams have the time and freedom to innovate and create new features. You can find additional information on SDL-Agile here: http://msdn.microsoft.com/en-us/library/ee790621.aspx- Run Time:
- 6:15
- Uploaded:
- 12/09/09
- Embed:
-
Get Code... Hide Code...
<embed src="http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/7772aef0-e6a6-4b9b-acf7-119d712393ea.wmv" width="800px" height="600px"></embed>
-
Client and Cloud Security | TechNet Edge
Client+and+Cloud+Security+%7c+TechNet+Edge
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dClient%2band%2bCloud%2bSecurity%2b%257c%2bTechNet%2bEdge
http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/eec9e79b-0232-475d-a3fc-838b8dd7cd87.wmv
Steve Lipner, Senior Director of Security Engineering Strategy for Microsoft's Trustworthy Computing group talks about client and cloud secuirty.- Run Time:
- 7:24
- Uploaded:
- 12/08/09
- Embed:
-
Get Code... Hide Code...
<embed src="http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/eec9e79b-0232-475d-a3fc-838b8dd7cd87.wmv" width="800px" height="600px"></embed>
-
MiniFuzz Overview and Demo | TechNet Edge
MiniFuzz+Overview+and+Demo+%7c+TechNet+Edge
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dMiniFuzz%2bOverview%2band%2bDemo%2b%257c%2bTechNet%2bEdge
http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/789ede4b-47b6-4e79-bd75-0346a7ff9d6f.wmv
This brief video gives a brief overview of the MiniFuzz File Fuzzer and then walks through how to configure and use MiniFuzz to perform fuzz testing on an application. The walkthrough launches MiniFuzz as an add-on to Visual Studio and demonstrates integration with TFS, showing automatic creation of work items from detected crashes. Download MiniFuzz here to get started with this easy to use file fuzzing tool. Learn more about the Microsoft Security Development Lifecycle (SDL) and tools Microsoft has published at the SDL Tool Repository site.- Run Time:
- 7:39
- Uploaded:
- 09/16/09
- Embed:
-
Get Code... Hide Code...
<embed src="http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/789ede4b-47b6-4e79-bd75-0346a7ff9d6f.wmv" width="800px" height="600px"></embed>
-
BinScope Overview and Demo | TechNet Edge
BinScope+Overview+and+Demo+%7c+TechNet+Edge
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dBinScope%2bOverview%2band%2bDemo%2b%257c%2bTechNet%2bEdge
http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/077c2435-e34b-45b8-8f82-46939ac2be7a.wmv
This brief video gives a brief overview of the BinScope Binary Analyzer and then walks through how to configure and use BinScope to analyze an application within Visual Studio. The walkthrough demonstrates integration with TFS and the SDL Process Template, showing easy creation of work items from detected problems. Download BinScope here and begin leveraging the verification capabilities of BinScope immediately. Learn more about the Microsoft Security Development Lifecycle (SDL) and tools Microsoft has published at the SDL Tool Repository site.- Run Time:
- 8:49
- Uploaded:
- 09/16/09
- Embed:
-
Get Code... Hide Code...
<embed src="http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/077c2435-e34b-45b8-8f82-46939ac2be7a.wmv" width="800px" height="600px"></embed>
-
-
Related Videos
-
Trust Me, I’m a Cloud Vendor
Trust+Me%2c+I%e2%80%99m+a+Cloud+Vendor
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dTrust%2bMe%252c%2bI%25e2%2580%2599m%2ba%2bCloud%2bVendor
http://content5.catalog.video.msn.com/e2/ds/2778915e-a5fc-475e-b7b7-8fb89a44da39.mp4
Most significant technological advances have needed trust to succeed. It’s the same with the Cloud. Customers and partners want a provider to deliver a reliable, secure service that protects data privacy. What should you consider when evaluating vendor capabilities in the Cloud? Adrienne Hall, general manager, Trustworthy Computing, explores some of the attributes that cloud providers must demonstrate to earn trust.- Run Time:
- 28:01
- Uploaded:
- 11/09/11
- Embed:
-
Get Code... Hide Code...
<embed src="http://content5.catalog.video.msn.com/e2/ds/2778915e-a5fc-475e-b7b7-8fb89a44da39.mp4" width="800px" height="600px"></embed>
-
What is Security Science
What+is+Security+Science
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dWhat%2bis%2bSecurity%2bScience
http://content4.catalog.video.msn.com/e2/ds/eb88643d-7b05-475c-99b6-778675572bd0.mp4
The focus of this video is to highlight the proactive work of the Trustworthy Computing corporate tenet and the value of that work to Microsoft’s customers and the companies who power the computing ecosystem with the goal of providing secure, private, and reliable computing experiences for everyone.- Run Time:
- 11:17
- Uploaded:
- 06/15/11
- Embed:
-
Get Code... Hide Code...
<embed src="http://content4.catalog.video.msn.com/e2/ds/eb88643d-7b05-475c-99b6-778675572bd0.mp4" width="800px" height="600px"></embed>
-
Consumerization of IT and Sophistication of Attacks
Consumerization+of+IT+and+Sophistication+of+Attacks
http%3a%2f%2fwww.microsoft.com%2fsecurity%2fsdl%2fvideo%2fdefault.aspx%3ft%3dConsumerization%2bof%2bIT%2band%2bSophistication%2bof%2bAttacks
http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/1db2e77d-ba2f-49ed-a09b-3409a12d636b.mp4
In this video we discuss how cybercriminals use marketing-like tactics to target consumers, how that can impact an organization, and provide guidance on how to stay protected. Visit the Security Intelligence Report website for more information - www.microsoft.com/sir.- Run Time:
- 9:55
- Uploaded:
- 05/12/11
- Embed:
-
Get Code... Hide Code...
<embed src="http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/1db2e77d-ba2f-49ed-a09b-3409a12d636b.mp4" width="800px" height="600px"></embed>
-