"I have not yet begun to fight!"

Copyright Disclaimer Under Section 107 of the Copyright Act 1976?Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use. Unless you are in this field of investigative journalism, especially covering extremely sensitive subjects and potentially dangerous subjects as well, you simply cannot understand the complexities and difficulties involved with this work that I face every day.

Sunday, July 28, 2013

Security

Getting Started

Security Forums

Featured Security Content

Get the Microsoft Security Development Lifecycle toolset – it’s free
Download the templates and tools made available at no cost by Microsoft to help you automate SDL practices.

Microsoft's Security Talk Series: Discusses the latest in security & privacy
Join the discussion with a diverse group of leading security and privacy experts in this informative series of webcasts. These discussions help you gain insight and prescriptive guidance on a variety ... more

Write more secure code with the Microsoft Security Development Lifecycle (SDL)
Download the Simplified Implementation of the Microsoft SDL to learn about the software development security activities you should perform in order to improve the security of your code.

Announcing WIF support for Windows Server 2003
Windows Identity Foundation (WIF) RTW for Windows Server 2003 is available NOW! This release supports both Windows Server 2003 SP2 and Windows Server 2003 R2 platforms and following seven languages: E... more

Download Windows Identity Foundation Today
Windows Identity Foundation helps simplify user access for developers by externalizing user access from applications via claims and reducing development effort with pre-built security logic and integr... more

More Security "How Do I" Videos >

SDL Team Blog

A Microsoft-wide initiative and a mandatory policy since 2004, the Security Development Lifecycle (SDL) introduces security and privacy early and throughout the development process. Combining a holistic and practical approach, the SDL is risk-based with the goal of protecting end-users by reducing the number and severity of vulnerabilities in code.

Secure Development Is Much Easier Than You Think
Wednesday, Jul 24
!Exploitable crash analyzer version 1.6
Thursday, Jun 13
Microsoft SDL Conforms to ISO/IEC 27034-1:2011
Tuesday, May 14
Register Now for SDC 2013 and Save!
Wednesday, May 1
Register Now and Save
Wednesday, Apr 17

Identity Management Team Blog

Windows Identity Foundation enables .NET developers to externalize identity logic from their application, improving developer productivity, enhancing application security, and enabling interoperability. Enjoy greater productivity, applying the same tools and programming model to build on-premises software as well as cloud services.

Announcing July 2011 update to Access Control Service 2.0
Monday, Jul 25
Announcing the WIF Extension for SAML 2.0 Protocol Community Technology Preview!
Monday, May 16
AD FS 2.0 Content Map is published
Thursday, Apr 21
Windows Azure AppFabric Access Control Service released!
Tuesday, Apr 12
AD FS 2.0 Step-by-Step Guide: Federation with IBM Tivoli Federated Identity Manager
Monday, Apr 4

MSDN Magazine: Focus on Security

Read in-depth security articles from the authors of MSDN Magazine.

ASP.NET: Enabling and Customizing ASP.NET Web API Services Security
If you’re calling Web API service from secured ASP.NET pages, you probably have all the security you need. But if you want to extend Web API’s securit... more

Cutting Edge: Social Authentication in ASP.NET MVC 4
ASP.NET MVC 4 now includes an ad hoc framework to authenticate users via a number of social networks, and Dino Esposito shows you how.Dino EspositoMSD... more

Security: Access Online Services with the Windows Runtime and OAuth
Whether managing data with XHR or authenticating to a remote service with the WebAuthenticationBroker, WinJS and WinRT help you mash online services w... more

Security Updates

Microsoft security bulletin summary for July 2013

July 2013 security bulletin webcast

Featured Downloads

Download AD FS 2.0
AD FS 2.0 is a security token service for IT that issues and transforms claims and other tokens, manages user access and enables federation and access management for simplified single sign-on.

More Security Downloads >

Application Security Tip of the Week

Do Not Cache Sensitive Data
Applies To ASP.NET 4.0 What to Do ASP.NET output caching is a great way to improve application perfo... more

More Tips...

Application and Cyber Security Blog

Read up on software engineering, cybersecurity, and application risk management as offered by Security Innovation

Sony CISO Reporting to Executive Management. Maybe Cyber Security Czar will follow suit?
http://web.securityinnovation.com/blog/bid/72444/Sony-CISO-Reporting-to-Executive-Management-Maybe-Cyber-Security-Czar-will-follow-suitIn my previous ... more

Why responsible disclosure is the best choice for Security Innovation
http://web.securityinnovation.com/blog/bid/70136/Why-responsible-disclosure-is-the-best-choice-for-Security-InnovationThere is a wide range of ways to... more

Sony appoints CISO in response to PlayStation attacks……but reports to the CIO?????
http://web.securityinnovation.com/blog/bid/70713/Sony-appoints-CISO-in-response-to-PlayStation-attacks-but-reports-to-the-CIOA few months ago, Sony an... more

Other Security Resources

	Code Gallery Download or share sample applications or code snippets.
	CodePlex Microsoft's open source project-hosting site.
	Security Content on Channel 9 Watch videos and connect with your peers – it's all about the conversation.
	DevLabs Explore the projects that we are experimenting with in our labs, and let us know if they inspire you.
	patterns & practices Use Microsoft's proven practices for software engineering.