Microsoft Security Development Lifecycle


  • SDL Videos

    • SDL 10 year Anniversary

      http://content5.catalog.video.msn.com/e2/ds/0442749d-3548-4c47-9716-22c64f928966.mp4

      Eric Bidstrup and Steve Lipner reminisce about their challenges in getting the Microsoft SDL adopted at Microsoft and accepted into Microsoft’s engineering culture.
      • Run Time: 04:17
      • Uploaded: 01/31/12

    • Microsoft Security Development Lifecycle (SDL) Progress Report: SDL Progress Report

      http://content1.catalog.video.msn.com/e2/ds/3d3a1bd5-0a77-40a2-be40-d97d11a19c19.mp4

      Steve Lipner and Doug Cavit from the Microsoft Security Development Lifecycle (SDL) team discuss in depth the evolution of the Microsoft SDL, and the progress made in using the SDL and security science to reduce vulnerabilities and mitigate threats to Microsoft software and services.
      • Run Time: 18:32
      • Uploaded: 02/1/12

    • Microsoft SDL Release Phase: Security Practices

      http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/70e1fc18-c60e-4734-a02c-6becae66750c.mp4

      In this video, Jason Glassberg, Co-Founder, Casaba, discusses the three security practices of the Microsoft SDL Release phase. Jason talks about planning for post-release contingencies by creating a well thought-out incident response plan, then stresses the importance of applying a Final Security Review, its outcomes and the mitigation of any outstanding issues. Finally, he discusses the archiving of all pertinent information and data to allow for post-release servicing of the software.
      • Run Time: 6:17
      • Uploaded: 01/18/11

    • Applying Microsoft SDL Release Practices within Windows Azure

      http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/659f8a4a-254e-4917-b072-209c2a681e05.mp4

      In this video, Jason Glassberg, Co-Founder, Casaba, speaks about the Release phase of the Microsoft SDL and how to apply its practices to applications built on top of Windows Azure. Jason explains that the Microsoft SDL can apply to any cloud-based deployment, but focuses on Windows Azure, explaining that the steps are very similar to those for a typical on-premises application (File an Incident Response Plan, Perform a Final Security Review and Release Archive). In Azure, understanding the platform is doubly important when preparing an Incident Response Plan because rollback and stopping of deployment is vastly simpler than in on-premises or full-platform hosted deployment. Because Azure makes it so simple to deploy applications, Jason emphasizes the importance of reviewing the deployment and securing deployment-related artifacts such as management accounts, access to the Service Management API and SSL certificates used by applications.
      • Run Time: 8:04
      • Uploaded: 01/18/11

    • Applying Microsoft SDL Implementation Practices within Windows Azure

      http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/da4120e6-7f4a-4d5f-a324-049150a713dd.mp4

      In this video, Peter Oehlert, Senior Security Consultant, iSEC Partners, explains how the Implementation phase of the Microsoft SDL applies to building Windows Azure applications. He starts by defining both the similarities and key differences between implementation of on-premises solutions and Windows Azure-based applications. Following the theme of Peter’s previous theory video, Peter dives into specific tools that can be of use to secure implementation of applications on Windows Azure, including Checkmarx, Coverity and Veracode. The conversation then moves to properly implementing defenses against usual web threats (SQL injection, XSS, authentication, etc.) in Windows Azure web applications.
      • Run Time: 33:08
      • Uploaded: 01/18/11

    • Microsoft SDL Implementation Phase: Security Practices

      http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/896e9074-b9f5-4b45-8b3e-15ca311468b3.mp4

      In this video, Peter Oehlert, Senior Security Consultant, iSEC Partners, discusses the security practices of the “Implementation” phase of the Microsoft SDL. Peter uses the definition of what makes secure code as a point of departure, then explains the benefits of the ease and repeatability the Microsoft SDL process brings to the creation of such code. Peter then covers the importance of proper usage of the tools used during the Implementation phase and dives into a discussion of IDEs, compilers, parsers, linkers and static analysis applications. Related resources: Whitepaper: The Simplified Implementation of the Microsoft SDL; Microsoft Security Development Lifecycle; Security Talk Series Webcast; Check out Windows Azure Subscriptions
      • Run Time: 36:37
      • Uploaded: 12/15/10

    • Microsoft SDL Verification Phase: Security Practices

      http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/20dc31dc-72c0-497e-a83d-4773b38bb52f.mp4

      In this video, Aviram Jenik, CEO, Beyond Security, talks about processes that help build secure systems, focusing on the Verification phase of the Microsoft Security Development Lifecycle. Aviram discusses the concept of “black box” testing, explains the importance of testing data entry endpoints with good, bad and fuzzed input, and points to the tools that can assist with these tasks. On the practical side, Aviram shows a detailed demo of “JPG fuzzing”, generating malformed images, and identifying vulnerabilities in an image processing application.
      • Run Time: 21:44
      • Uploaded: 12/15/10

    • Microsoft SDL Requirements Phase: Security Practices

      http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/3d2324be-efe4-4e27-a5de-e29bbddb9c52.mp4

      In this video, Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about the security practices of the “Requirements” phase of the Microsoft SDL. Chris and Robert explain the benefits of following the Microsoft SDL for building more secure, reliable, and standards-compliant software. Related resources: Whitepaper: The Simplified Implementation of the Microsoft SDL (http://go.microsoft.com/?linkid=9708425); Microsoft Security Development Lifecycle (http://www.microsoft.com/security/sdl); Security Talk Series webcasts (www.microsoft.com/events/series/securitytalk)
      • Run Time: 12:32
      • Uploaded: 12/14/10

    • Applying Microsoft SDL Requirements Practices within Windows Azure

      http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/11945b56-0c91-4ccf-b09a-fda88fa6be4e.mp4

      In this video, Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about applying Microsoft SDL Requirements security practices to applications built on top of Windows Azure, focusing on the “Requirements” phase. Chris and Robert stress the similarities of Windows Azure applications to regular web applications, explaining that you won’t be operating in an entirely new environment, and talk about the decreased need to focus on infrastructure and platform and the increased focus on securing the application layer. The presenters explain the similarities and differences in planning for security and privacy when deploying to Windows Azure, and explain how to map the existing and new risks to the cloud-based environment. Related resources: Whitepaper: The Simplified Implementation of the Microsoft SDL (http://go.microsoft.com/?linkid=9708425); Whitepaper: Security Best Practices for Developing Windows Azure Applications (http://go.microsoft.com/?linkid=9751872); Microsoft Security Development Lifecycle (http://www.microsoft.com/security/sdl); Security Talk Series webcasts (www.microsoft.com/events/series/securitytalk); Check out Windows Azure Subscriptions (bit.ly/AzurePromo)
      • Run Time: 17:07
      • Uploaded: 12/14/10

    • Applying Microsoft SDL Verification Practices within Windows Azure

      http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/1cae5666-e36f-4e7f-9bf3-3cee7f3951de.mp4

      In this video, Aviram Jenik, CEO, Beyond Security, talks about applying the Microsoft SDL to applications built on top of Windows Azure, focusing on the Verification phase of the Microsoft Security Development Lifecycle. Aviram explains how the “black box” testing concept is increasingly relevant in the world of cloud-based applications, mentions classic user input attacks such as SQL injection and Cross Site Scripting (XSS), and enumerates different inputs that should be focused on with Windows Azure-based applications.
      • Run Time: 18:43
      • Uploaded: 12/14/10

    • Microsoft SDL Design Phase: Security Practices

      http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/48a87adf-5a43-4a9b-97e5-e769892fbf80.mp4

      In this video, Joe Basirico, Director of Security Services, Security Innovation, speaks about the “Design” phase of the Microsoft SDL. Joe explains how designing secure systems sometimes requires thinking “backwards” - instead of focusing on features of what the system should do, one should think of what the system should NOT do. Taking this as a departing point, Joe dives into a discussion of foundational design principles of building secure software, including least privilege, compartmentalization, input validation, auditing and logging, cryptography and avoiding the “Not Invented Here” trap.
      • Run Time: 50:26
      • Uploaded: 12/09/10

    • Applying Microsoft SDL Design Practices within Windows Azure

      http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/a4b1d469-0b0e-444e-b42b-fe8ecaf9069f.mp4

      In this video, Joe Basirico, Director of Security Services, Security Innovation, speaks about mapping concepts from the "Design" phase of the Microsoft SDL to software targeting the Windows Azure platform. Joe highlights what changes and what does not change for the application design when an application is moving to the cloud, and then digs deeper into those areas, including the impact the Azure VM model has on application trust, designing for secure storage, and claims-based authorization. Joe then focuses on cryptography, explaining the pitfalls of rolling your own and suggesting designs for securing key infrastructure.
      • Run Time: 29:12
      • Uploaded: 12/09/10

    • MSF-Agile + SDL Process Template

      http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/de0fb4da-39a6-434e-8321-4f79b867717a.mp4

      Watch this short video to learn more about the MSF-Agile+SDL Process Template. The MSF-Agile+SDL Template is one of many templates and tools available to help you implement the Microsoft SDL. MSF-Agile+SDL Process Template is a Team Foundation Server downloadable template that automatically incorporates the policy, process and tools associated with the SDL for Agile development guidance into the familiar Microsoft Solutions Framework (MSF) for Agile software development (MSF-Agile) process template that ships with Visual Studio Team System.
      • Run Time: 6:30
      • Uploaded: 12/07/10

    • Anti-Cross Site Scripting (XSS) Library

      http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/93563e6b-d03e-411a-8d99-aa7a435fc3f9.mp4

      Watch this short video to learn about the Anti-XSS library. It's one of many tools available in the Microsoft SDL Toolset that can help you automate and implement the Microsoft SDL Process Guidance.
      • Run Time: 10:58
      • Uploaded: 12/07/10

    • SiteLock ATL (Active Library Template)

      http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/ae854400-f2ab-4d46-888c-5127fc816c21.mp4

      Watch this short video to learn more about the SiteLock ATL (Active Library Template). SiteLock ATL is one of the many free templates and tools that are available as part of the Microsoft SDL Toolset. The SiteLock ATL template enables an ActiveX developer to restrict access so that a control is only deemed safe when used in a predetermined list of domains. This limits the ability of Web page authors to reuse the control for malicious purposes.
      • Run Time: 5:16
      • Uploaded: 12/07/10

    • SDL Threat Modeling Tool

      http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/12091545-a1a4-4514-9081-d5b48f675769.mp4

      Watch this short video to learn more about the SDL Threat Modeling tool. The SDL Threat Modeling Tool is one of many free tools made available as part of the SDL Toolset. The SDL Threat Modeling Tool is the first threat modeling tool which isn't designed for security experts. It makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models.
      • Run Time: 10:33
      • Uploaded: 12/07/10

    • FxCop

      http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/71702652-adcd-4b06-8b2b-0fe1e0d93645.mp4

      Watch this short video to learn more about FxCop. FxCop is a tool that performs static code analysis of .NET code. It provides hundreds of rules that perform various types of analysis, including Design, Globalization, Interoperability, Maintainability, Mobility, Naming, Performance, Portability, Reliability, Security, and Usage. For more detailed information, please consult the Visual Studio 2010 MSDN documentation. The FxCop functionality is fully integrated into Visual Studio 2010 Premium and Ultimate editions.
      • Run Time: 5:37
      • Uploaded: 12/07/10

    • SDL Process Template

      http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/9a266d70-0b69-4e84-8960-ec55ac36a954.mp4

      Watch this short video to learn more about the SDL Process Template. The SDL Process Template is one of many free templates and tools available in the Microsoft SDL Toolset. The SDL Process Template is a downloadable template that leverages the technology of Visual Studio Team System (VSTS) and Team Foundation Server (TFS) to automatically integrate the policy, process and tools associated with the Security Development Lifecycle version into your software development environment.
      • Run Time: 7:28
      • Uploaded: 12/07/10

    • Code Analysis for C/C++

      http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/e66547b2-5a25-4792-9e5a-35c6f3366ba2.mp4

      Watch this short video to learn more about Code Analysis for C++. The C/C++ Code Analysis tool is a static analyzer, provided with the installation of Visual Studio Team System or Visual Studio Team Suite, that gives developers information about possible vulnerabilities in their C/C++ source code. Common coding errors reported by the tool include buffer overruns, uninitialized memory, null pointer dereferences, and memory and resource leaks.
      • Run Time: 9:54
      • Uploaded: 12/07/10

    • Banned.h Header File

      http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/978041da-45b5-451c-a590-6674b879c787.mp4

      Watch this short video to learn more about the Banned.h header file. Banned.h header file is one of the many free resources in the Microsoft SDL Toolset. The banned.h header file is a sanitizing resource, which supports the Microsoft SDL requirement to remove banned functions from code. It lists all banned APIs and allows any developer to locate them in code.
      • Run Time: 4:16
      • Uploaded: 12/07/10

    • CAT.NET

      http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/a2e325a7-d31e-4f52-b293-b60dcbcd3790.mp4

      Watch this short video on CAT.NET. The CAT.NET tool is one of the many free tools that are available as part of the Microsoft SDL Toolset. It's available in both 32-bit and 64-bit versions. CAT.NET is a command line tool that helps you identify security flaws within a managed code (C#, Visual Basic .NET, J#) application you are developing. It does so by scanning the binary and/or assembly of the application, and tracing the data flow among its statements, methods, and assemblies. CAT.NET also helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection, and XPath Injection.
      • Run Time: 4:59
      • Uploaded: 12/06/10

    • SDL Regex Fuzzer

      http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/9117537e-87e8-44aa-a46e-707d77c38e4d.mp4

      Watch this short video to learn more about SDL Regex Fuzzer. SDL Regex Fuzzer is one of the many free tools in the Microsoft SDL Toolset. Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition. Regex Fuzzer can help test regular expressions for these potential vulnerabilities.
      • Run Time: 6:40
      • Uploaded: 12/06/10

    • Simplified Implementation of the Microsoft SDL

      http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/dc708182-20e8-4658-8944-4b47d56c8503.mp4

      This video helps to illustrate the core concepts of the Microsoft Security Development Lifecycle (SDL) and discusses the individual security activities that should be performed in order to claim compliance with the SDL process.
      • Run Time: 24:29
      • Uploaded: 12/06/10

    • SDL Tools Overview

      http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/998c2518-1a9a-4ea6-961c-89de2ac2ade6.mp4

      Watch this short video on the Microsoft SDL Toolset overview. Doug Cavit, from the Microsoft SDL engineering team, explains why IT executives and managers should encourage their development teams to download the SDL Implementation guidance and SDL tools to see how they can implement a software security assurance process such as the Microsoft SDL. The Microsoft SDL toolset is meant to work together to help a company implement all the phases of the Microsoft SDL from requirements to software release. The Microsoft SDL toolset and process guidance are both FREE to download by our customers from the Microsoft SDL website. All the tools in the Microsoft SDL toolset are meant to work together, so that companies can write secure software more easily.
      • Run Time: 2:41
      • Uploaded: 12/06/10

    • MiniFuzz File Fuzzer

      http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/dbcab1b4-0bbc-430f-8494-15cb2d59b6ac.mp4

      Watch this short video on MiniFuzz File Fuzzer. MiniFuzz is one of the many free tools that are available as part of the Microsoft SDL Toolset. MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds them to the application to exercise the code in an attempt to expose unexpected and potentially insecure application behaviors.
      • Run Time: 6:23
      • Uploaded: 12/06/10

    • BinScope Binary Analyzer

      http://content1.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/28ec6268-6572-46d9-ba1c-41ab3e040818.mp4

      Watch this short video to learn more about the BinScope Binary Analyzer tool. BinScope is one of the many free tools available as part of the Microsoft SDL Toolset. BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, up-to-date build tools are in place, and the latest good ATL headers are being used. BinScope also reports on dangerous constructs that are prohibited by SDL.
      • Run Time: 6:14
      • Uploaded: 12/06/10

    • Security Development Lifecycle for Agile | TechNet Edge

      http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/7772aef0-e6a6-4b9b-acf7-119d712393ea.wmv

      Bryan Sullivan, Senior Security Program Manager for Microsoft, illustrates how teams can ensure applications developed with rapid release cycles are still developed in a secure manner. Many development organizations use Agile software development methodologies to build their applications, yet Agile – just like every other development methodology – does not inherently produce secure deliverables. Secure development practices need to be “baked-in” throughout every iteration or sprint. The Security Development Lifecycle for Agile (SDL-Agile) process defines a set of activities that development teams can follow to reduce security vulnerabilities. SDL-Agile also specifies the conditions and frequencies with which these activities should be performed, in order to optimize the security of the delivered product and to ensure that teams have the time and freedom to innovate and create new features. You can find additional information on SDL-Agile here: http://msdn.microsoft.com/en-us/library/ee790621.aspx
      • Run Time: 6:15
      • Uploaded: 12/09/09

    • Client and Cloud Security | TechNet Edge

      http://content5.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/eec9e79b-0232-475d-a3fc-838b8dd7cd87.wmv

      Steve Lipner, Senior Director of Security Engineering Strategy for Microsoft's Trustworthy Computing group, talks about client and cloud security.
      • Run Time: 7:24
      • Uploaded: 12/08/09

    • MiniFuzz Overview and Demo | TechNet Edge

      http://content4.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/789ede4b-47b6-4e79-bd75-0346a7ff9d6f.wmv

      This video gives a brief overview of the MiniFuzz File Fuzzer and then walks through how to configure and use MiniFuzz to perform fuzz testing on an application. The walkthrough launches MiniFuzz as an add-on to Visual Studio and demonstrates integration with TFS, showing automatic creation of work items from detected crashes. Download MiniFuzz here to get started with this easy-to-use file fuzzing tool. Learn more about the Microsoft Security Development Lifecycle (SDL) and the tools Microsoft has published at the SDL Tool Repository site.
      • Run Time: 7:39
      • Uploaded: 09/16/09

    • BinScope Overview and Demo | TechNet Edge

      http://content3.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET/077c2435-e34b-45b8-8f82-46939ac2be7a.wmv

      This video gives a brief overview of the BinScope Binary Analyzer and then walks through how to configure and use BinScope to analyze an application within Visual Studio. The walkthrough demonstrates integration with TFS and the SDL Process Template, showing easy creation of work items from detected problems. Download BinScope here and begin using its verification capabilities immediately. Learn more about the Microsoft Security Development Lifecycle (SDL) and the tools Microsoft has published at the SDL Tool Repository site.
      • Run Time: 8:49
      • Uploaded: 09/16/09

  • Related Videos

    • Trust Me, I’m a Cloud Vendor

      http://content5.catalog.video.msn.com/e2/ds/2778915e-a5fc-475e-b7b7-8fb89a44da39.mp4

      Most significant technological advances have needed trust to succeed. It’s the same with the Cloud. Customers and partners want a provider to deliver a reliable, secure service that protects data privacy. What should you consider when evaluating vendor capabilities in the Cloud? Adrienne Hall, general manager, Trustworthy Computing, explores some of the attributes that cloud providers must demonstrate to earn trust.
      • Run Time: 28:01
      • Uploaded: 11/09/11

    • What is Security Science

      http://content4.catalog.video.msn.com/e2/ds/eb88643d-7b05-475c-99b6-778675572bd0.mp4

      The focus of this video is to highlight the proactive work of the Trustworthy Computing corporate tenet and the value of that work to Microsoft’s customers and the companies who power the computing ecosystem with the goal of providing secure, private, and reliable computing experiences for everyone.
      • Run Time: 11:17
      • Uploaded: 06/15/11

    • Consumerization of IT and Sophistication of Attacks

      http://content2.catalog.video.msn.com/e2/ds/alt-en-us/ALTENUS_TECHNET/ALTENUS_TECHNET_EDGE/1db2e77d-ba2f-49ed-a09b-3409a12d636b.mp4

      In this video we discuss how cybercriminals use marketing-like tactics to target consumers, how that can impact an organization, and provide guidance on how to stay protected. Visit the Security Intelligence Report website for more information - www.microsoft.com/sir.
      • Run Time: 9:55
      • Uploaded: 05/12/11