True Insight » sdlc

Microsoft’s banned function calls

Brett Edgar — Thu, 21 May 2009 15:25:31 +0000

After reading Michael’s earlier post about SDL, I started digging a bit deeper into Microsoft’s SDL documentation and came across this pretty cool page. I wonder if anyone has a similar page for Unix-like OSes?

Brett Edgar

Brett is a Founder and the Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

Twitter - More Posts

New SDL templates for Visual Studio Team System

Michael Oglesby — Wed, 20 May 2009 18:01:56 +0000

This week Microsoft released a set of SDL (Secure Development Lifecycle) process templates designed to make it easier for software teams to integrate SDL into their development processes. These templates integrate with Visual Studio Team System by adding SDL workflows and processes and providing the ability to measure and audit the results.

It can be difficult to transition from general SDL concepts and theory to actual workable processes. Perhaps you read a book on SDL or an auditor told you that you need to perform SDL on your projects. How do you make the move from theory to practice? These templates will let you hit the ground running by providing a strong basic SDL workflow that you can customize to your needs.

If your development team is already using Visual Studio Team System, I highly recommend you evaluate how these templates can help your project or team. And hey, they’re free! I always like free tools that make security simpler and easier to achieve.

Michael Oglesby

The Director of Tactical Security Services at TRUE, Michael specializes in security testing initiatives with vast network and application security assessment experience. He oversees a team of analysts in conducting SAST- and DAST-based services. Certifications include CISSP, CSSLP, QSA and CNSS 4011-4015. He is also the Verizon 2010 Data Breach Investigation Report Cover Challenge Winner and second place finisher in the 2011 competition.

Twitter - More Posts

There’s fast…

Dominic Schulte — Tue, 12 May 2009 13:55:42 +0000

…and there’s this [jeremiahgrossman.blogspot.com]. The Internets can be a little scary.

If you’re searching for ways to get buy-in or resources for SDLC, vulnerability management, or security testing improvements, this example should help.

Dominic Schulte

Dominic Schulte currently serves as the Managing Director of Security Services & Consulting at TRUE, where he is responsible for the execution of a wide range of security and regulatory compliance services. Previously, Dominic worked with the National Security Agency (NSA) as a Global Network Exploitation and Vulnerability Analyst in the National Security Incident and Response Center (NSIRC). He holds CISSP, QSA and CNSS 4011-4015 certifications.