Now available Microsoft SDL version 5
Presentation: Jeremy Dallman here to announce that we are releasing the latest version of the Microsoft Security Development Lifecycle process guidance, Version 5 (SDLv5). It is now available for download as well as updated in the MSDN library.

We have released incremental updates to the SDL process guidance document since 2008 in an effort to provide transparency into how we implement the SDL at Microsoft. If you are just getting started on investigating or implementing the SDL, we would encourage you to start with the SDL Optimization Model and the Simplified Implementation of the SDL paper and then use the SDLv5 guidance as an additional reference tool as needed for your own implementation.

What is new in the SDLv5 documentation

We made a handful of significant changes in SDLv5 documentation. I summarize them below, but also encourage you to read the document for the detailed notes related to each (search in document for "New for SDL 5.0" and "Updated for SDL 5.0").

1. SDL for Agile included

The largest change in SDLv5 is the inclusion of SDL for Agile Development as an Addendum at the end. We took the SDL-Agile guidance that was published in November 2009 and included it in the parent SDL document to make it a one-stop resource.

2. New and updated security requirements and recommendations

Requirements Phase (1 new)

New Requirements:
- Include third-party code licensing security requirements in all new contracts.

Design Phase (3 new)

New Requirements:
- Hardware: Perform hardware security design review.
- Server / SaaS: Perform integration-points security design review.
- Web application: Implement strong log-out and session management.

Implementation Phase (10 new, 1 update)

New / Updated Requirements:
- Use secure methods to access databases:
  - Avoid LINQ ExecuteQuery.
  - Avoid EXEC in stored procedures.
- Update: new minimum required versions for code analysis tools (also see Appendix E).

New Recommendations:
- Web applications: Use HTTPOnly cookies.
- Implement reflection and authentication relay defense.
- NULL out freed memory pointers in new code.
- All sample code should be SDL compliant.
- Internet Explorer 8 MIME handling: HTTP response sniffing opt-out.
- Lock ActiveX controls to a defined set of domains.
- Verify use of ClickJacking defenses in code.

Verification Phase (2 new, 2 updates)

New / Updated Requirements:
- Network fuzzing: Any new network parsers must be able to accept 100,000 malformed packets without failure.
- Update: Web applications: Use ViewStateUserKey or ValidateAntiForgeryTokenAttribute against CSRF attacks.
- Update: Do not use banned APIs in old or new code.

New Recommendations:
- Web applications: Use a passive security auditor.

Feel free to email or ask questions via the email feature in the blog or the comments section below.
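The Verification Phase requirement that new network parsers accept 100,000 malformed packets without failure can be checked with a small mutation harness. The following is an added example, not code from the SDL guidance or from Microsoft; the wire format, `parse_packet`, `mutate` and `fuzz` are hypothetical, and an uncaught Python exception stands in for a parser "failure".

```python
import random
import struct

class ParseError(Exception):
    """Clean, expected rejection of a malformed packet."""

def parse_packet(data: bytes) -> dict:
    # Hypothetical format: magic(2) | type(1) | length(2, big-endian) | payload
    if len(data) < 5:
        raise ParseError("truncated header")
    magic, ptype, length = struct.unpack(">HBH", data[:5])
    if magic != 0x5DA1:
        raise ParseError("bad magic")
    if ptype not in (1, 2, 3):
        raise ParseError("unknown type")
    if length != len(data) - 5:
        raise ParseError("length field does not match payload size")
    return {"type": ptype, "payload": data[5:]}

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Derive one malformed candidate from a valid seed packet."""
    buf = bytearray(seed)
    choice = rng.randrange(4)
    if choice == 0:                      # flip a single bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1:                    # truncate at a random offset
        del buf[rng.randrange(len(buf) + 1):]
    elif choice == 2:                    # insert a run of random bytes
        i = rng.randrange(len(buf) + 1)
        buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 64)))
    else:                                # boundary values in the length field
        buf[3:5] = struct.pack(">H", rng.choice((0, 1, 0x7FFF, 0xFFFF)))
    return bytes(buf)

def fuzz(iterations: int = 100_000, seed: int = 5) -> dict:
    rng = random.Random(seed)            # fixed seed so a failure is reproducible
    valid = struct.pack(">HBH", 0x5DA1, 1, 4) + b"ping"  # constructed sample
    stats = {"accepted": 0, "rejected": 0, "failed": 0}
    for _ in range(iterations):
        try:
            parse_packet(mutate(valid, rng))
            stats["accepted"] += 1
        except ParseError:
            stats["rejected"] += 1       # clean rejection counts as a pass
        except Exception:
            stats["failed"] += 1         # anything else violates the requirement
    return stats
```

The run passes only when `fuzz()["failed"]` is zero; for a native parser the same loop would watch for crashes, hangs and sanitizer reports instead of exceptions.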