|
Введение в безопасный доступ к коду
- 08/30/2009
Введение в структуру системы безопасности .NET названную Code Access Security (CAS), которая помогает централизовать решения о безопасности.
Usage Types:
Readings
|
|
|
Обеспечение безопасности веб-сервисов с использованием WSE 2.0 и Systinet Server 5.0 for Java
- 08/30/2009
Эта статья показывает взаимодействие, основанное на OASIS WS-Security 1.0, между Microsoft WSE 2.0 и Systinet Server for Java 5.0.
Usage Types:
Readings
|
|
|
Безопасность в ASP.NET приложениях
- 08/30/2009
Безопасность в ASP.NET приложениях.
Usage Types:
Slides
|
|
|
Основы безопасности приложений
- 08/30/2009
Основы безопасности приложений.
Usage Types:
Slides
|
|
|
Стратегия построения защищенных информационных систем корпорации Microsoft
- 08/30/2009
Стратегия построения защищенных информационных систем корпорации Microsoft.
Usage Types:
Slides
|
|
|
Trustworthy Compiler Development
- 12/02/2008
This is the second, enhanced, version of Trustworthy Compiler Development course, companion curriculum to my "Trustworthy Compilers" book published at Wiley in February 2010. Both classical and innovative material on compilers is included.
Usage Types:
Slides
|
|
|
Defense Against the Dark Arts Course Materials
- 08/11/2008
This course presents the art of virus detection. It uses the Microsoft Experimental Compiler Phoenix to break down compiled virus code and other techniques such as lexicographical analysis to teach students about computer virus in a safe and ethical manner.
Usage Types:
Course Outline, Demo, Project, Tutorial
|
|
|
Lernen durch Begeisterung
- 02/25/2008
Diese Studie untersucht, ob und wie durch den Einsatz geeigneter Methoden in der Lehre die Stoffpräsenz bei Studierenden verbessert werden kann.
Usage Types:
Case Study, Readings
|
|
|
Escrevendo Código Seguro
- 10/26/2007
Introdução à Segurança de Código; Microsoft Secure Development Lifecycle; como funcionam os Buffer Overruns; boas práticas e ferramentas de desenvolvimento com foco em segurança.
Usage Types:
Slides
|
|
|
Intellectual Property
- 03/19/2007
Presentation on Intellectual Property - The Facts, Fiction. Presented by Ronald Zink at the Microsoft MEA Academic Days 2007 in Tunisia.
Usage Types:
Slides
|
|
|
Secure Software Engineering
- 02/13/2007
This archive contains materials of a uinversity course on secure software engineering at St. Petersburg University. Software lifecycle, programming paradigms, software process and their relation to secure software development are considered. Special attention is paid to aspect-oriented programming.
Usage Types:
Slides
|
|
|
Security Teaching Objects - Threat Modeling - 1 of 2 (Video)
- 12/06/2006
This session covers threat modeling, which is the process of categorizing, prioritizing, and mitigating security threats in a system. It will cover both STRIDE categorization and DREAD prioritization. It is intended to be the first session delivered in the series.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - Buffer Overruns - 1 of 2 (Video)
- 12/06/2006
This session covers the fundamentals of buffer overruns, focusing on stack overruns. As well as the tools and techniques that may be employed to prevent them.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - Advanced Buffers - 1 of 2 (Video)
- 12/06/2006
This session continues coverage of buffer overruns by diving into details on heap overruns and string format bugs, which rely on buffer overruns. It also covers the use of Application Verifier to discover heap overrun bugs.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - Integer Overflow - 1 of 2 (Slides)
- 12/06/2006
This session provides a primer on binary and dives into the inherent risks in working with numbers, such as signed/unsigned mismatches, truncation, and ANSI/UNICODE mismatches.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - Resource Management - 1 of 2 (Video)
- 12/06/2006
This session covers the importance of proper resource management. It includes coverage of several scenarios in which seemingly well-behaved code puts users at risk by failing to pay close attention to return values and other error indicators.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - Race Conditions - 1 of 2 (Video)
- 12/06/2006
This session covers the fundamentals of race conditions, as well as the potential threats they pose in the hands of a malicious user.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - Trusting User Input - 1 of 2 (Video)
- 12/06/2006
This session covers the various ways users can provide bad input to an application, as well as ways to sanitize it for protection. It includes heavy coverage of regular expressions.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - Cross Site Scripting - 1 of 2 (Video)
- 12/06/2006
This session covers defending against the practice of using malicious scripts to trick a user's browser into performing unapproved actions.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - SQL Injection - 1 of 2 (Video)
- 12/06/2006
This session covers defending against the practice of providing malicious input to database-driven applications that can have unexpected and often dangerous effects.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - Cryptography - 1 of 2 (Video)
- 12/06/2006
This session covers the fundamentals of cryptography. Topics include encryption, hashing, and digital signatures.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - Security Compliance Issues - 1 of 2 (Video)
- 12/06/2006
This session covers the important issues in security compliance as required by US laws and regulations. It also provides a general overview of the security compliance process.
Usage Types:
Audiovisual Content
|
|
|
Security Teaching Objects - Threat Modeling - 2 of 2 (Slides)
- 12/06/2006
This session covers threat modeling, which is the process of categorizing, prioritizing, and mitigating security threats in a system. It will cover both STRIDE categorization and DREAD prioritization. It is intended to be the first session delivered in the series.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Security Teaching Objects - Buffer Overruns - 2 of 2 (Video)
- 12/06/2006
This session covers the fundamentals of buffer overruns, focusing on stack overruns. As well as the tools and techniques that may be employed to prevent them.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Security Teaching Objects - Advanced Buffers - 2 of 2 (Slides)
- 12/06/2006
This session continues coverage of buffer overruns by diving into details on heap overruns and string format bugs, which rely on buffer overruns. It also covers the use of Application Verifier to discover heap overrun bugs.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Security Teaching Objects - Integer Overflow - 2 of 2 (Slides)
- 12/06/2006
This session provides a primer on binary and dives into the inherent risks in working with numbers, such as signed/unsigned mismatches, truncation, and ANSI/UNICODE mismatches.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Security Teaching Objects - Resource Management - 2 of 2 (Slides)
- 12/06/2006
This session covers the importance of proper resource management. It includes coverage of several scenarios in which seemingly well-behaved code puts users at risk by failing to pay close attention to return values and other error indicators.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Security Teaching Objects - Race Conditions - 2 of 2 (Slides)
- 12/06/2006
This session covers the fundamentals of race conditions, as well as the potential threats they pose in the hands of a malicious user.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Security Teaching Objects - Trusting User Input - 2 of 2 (Slides)
- 12/06/2006
This session covers the various ways users can provide bad input to an application, as well as ways to sanitize it for protection. It includes heavy coverage of regular expressions.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Security Teaching Objects - Cross Site Scripting - 2 of 2 (Slides)
- 12/06/2006
This session covers defending against the practice of using malicious scripts to trick a user's browser into performing unapproved actions.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Security Teaching Objects - SQL Injection - 2 of 2 (Slides)
- 12/06/2006
This session covers defending against the practice of providing malicious input to database-driven applications that can have unexpected and often dangerous effects.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Security Teaching Objects - Cryptography - 2 of 2 (Slides)
- 12/06/2006
This session covers the fundamentals of cryptography. Topics include encryption, hashing, and digital signatures.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Security Teaching Objects - Security Compliance Issues - 2 of 2 (Slides)
- 12/06/2006
This session covers the important issues in security compliance as required by US laws and regulations. It also provides a general overview of the security compliance process.
Usage Types:
Demo, Exercise/Exam, Slides
|
|
|
Évolution de la sécurité chez Microsoft
- 05/24/2005
- Stratégie de Microsoft en matière de sécurité
- La sécurité dans les produits Microsoft
- Le retour d’expérience de Microsoft sur la sécurité, en tant qu’entreprise devant protéger son IT
Usage Types:
Slides
|
|
|
Nouveautés en matière de sécurité du poste de travail et des serveurs v1.1_Deuxième partie sur 2
- 03/18/2005
L'informatique de confiance (Trustworthy computing)et les apports de la sécurité pour les systèmes Microsoft (2/2)
Usage Types:
Slides
|
|
|
Nouveautés en matière de sécurité du poste de travail et des serveurs v1.1_Première partie sur 2
- 03/18/2005
L'informatique de confiance (Trustworthy computing)et les apports de la sécurité pour les systèmes Microsoft
Usage Types:
Slides
|
|
|
Mise en oeuvre d'une politique de gestion des correctifs de sécurité_Deuxième partie sur 2
- 03/18/2005
Description générale de la sécurité dans le cadre des coorectifs et l'implémentation Microsoft (1/2)
Usage Types:
Slides
|
|
|
Mise en oeuvre d'une politique de gestion des correctifs de sécurité_Première partie sur 2
- 03/18/2005
Description générale de la sécurité dans le cadre des coorectifs et l'implémentation Microsoft (1/2)
Usage Types:
Slides
|
|
|
Operating System Security in a Windows Server Environment
- 02/08/2005
In this tutorial you will learn which threats a server machine is exposed to when connected to the internet and how to face them. You learn how to minimize the risk caused by network services running on your server.
Usage Types:
Exercise/Exam, Lab, Readings, Source Code
|
|
|
Information Security Curriculum: Computing Curriculum Workshop 2004
- 05/25/2004
In this presentation from the 2004 Computing Curriculum, Asst. Professor Dr. Brad Jensen, University of North Texas, showcases a course that provides students with an introduction to the various technical and management aspects of information security and information assurance.
Usage Types:
Professional Development
|
|
|
Web Service Security:Theory and Practice (slides only)
- 04/26/2004
This presentation (slides only) from Microsoft Research’s Fourth Crash Course for Faculty and PhD students discusses Microsoft WSE, WSDL, SOAP, cryptyc, and app-level and message level syntax.
Usage Types:
Slides
|
|
|
Overview Module - .NET Security
- 01/20/2004
In this course, you’ll learn how to prepare for security threats early in the life cycle of projects. It discusses encryption, network authentication, and then authorization strategies.
Usage Types:
Slides
|
|
|
Threats and Mitigation Module - .NET Security
- 01/20/2004
This module identifies and categorizes the general threats posed to applications built on the Microsoft® .NET Framework, and discusses how to prioritize and mitigate them.
Usage Types:
Slides
|
|
|
Conventional Cryptography and Authentication Module - .NET Security
- 01/20/2004
This module introduces symmetric (secret) key cryptography and the Microsoft® .NET Framework classes that expose it.
Usage Types:
Slides
|
|
|
Public Key Cryptography and Authentication Module - .NET Security
- 01/20/2004
This module introduces asymmetric (public) key cryptography and certificates.
Usage Types:
Slides
|
|
|
Windows Security 101 Module - .NET Security
- 01/20/2004
This module tours the features in the operating system that are important for developers to know. This first of two modules discusses the Trusted Computing Base, principals, authorities, groups, privileges, tokens, logon sessions, window stations, and the secondary logon service.
Usage Types:
Slides
|
|
|
Windows Security 102 Module - .NET Security
- 01/20/2004
This module on operating system security focuses on client identity management in distributed systems.
Usage Types:
Slides
|
|
|
Code Access Security - Part One Module - .NET Security
- 01/20/2004
This module focuses on evidence, permissions, and policy.
Usage Types:
Slides
|
|
|
Code Access Security - Part Two Module - .NET Security
- 01/20/2004
This module discusses the CAS stackwalk, including issues in building secure gateways to secured resources, such as assertion of permissions.
Usage Types:
Slides
|
|
|
Web Application Security Module - .NET Security
- 01/20/2004
This module discusses the HTTP pipeline that Microsoft ASP.NET uses and the security services provided at each point in the pipeline.
Usage Types:
Slides
|
|
|
Web Service Security Module - .NET Security
- 01/20/2004
This module discusses the current practical thoughts on authentication models for Web services.
Usage Types:
Slides
|
|
|
Remoting Module - .NET Security
- 01/20/2004
This module provides an introduction to building systems based on Microsoft® .NET Remoting.
Usage Types:
Slides
|
|
|
COM+ Module - .NET Security
- 01/20/2004
This module focuses on the COM+ security model and how to use DCOM security to build secure distributed applications.
Usage Types:
Slides
|
|
|
Dumb Code Module - .NET Security
- 01/20/2004
This module explains how to write robust code by showing examples of bad code with security holes.
Usage Types:
Slides
|
|
|
Conventional Crypto Lab - .NET Security
- 01/20/2004
In this lab, you’ll work with files and passwords, deriving a conventional key from a password and using that key to encrypt the file.
Usage Types:
Lab
|
|
|
Public Key Crypto Lab - .NET Security
- 01/20/2004
In this lab, you’ll build a socket-based architecture for sending and receiving signed and encrypted messages.
Usage Types:
Lab
|
|
|
Tokens Lab - .NET Security
- 01/20/2004
In this lab, you’ll set up a simple Kerberos-based distributed system.
Usage Types:
Lab
|
|
|
Impersonation Lab - .NET Security
- 01/20/2004
In this lab, you’ll gain some hands-on experience with impersonation. 2) See some examples of dumb code leading to security holes.
Usage Types:
Lab
|
|
|
CAS Policy Lab - .NET Security
- 01/20/2004
In this exercise, you’ll look at the way policy levels hang together and become familiar with the various permissions that are defined by the Microsoft® .NET Framework.
Usage Types:
Lab
|
|
|
Web Application Security Lab - .NET Security
- 01/20/2004
In this lab, you’ll build the infrastructure that enables a Web application to support forms authentication and integrated Microsoft Windows® authentication.
Usage Types:
Lab
|
|
|
Web Services Lab - .NET Security
- 01/20/2004
In this exercise, you’ll experiment with an early implementation of the WS-Security specification and the Web Services Enhancements toolkit from Microsoft.
Usage Types:
Lab
|
|
|
Remoting Lab - .NET Security
- 01/20/2004
In this exercise, you’ll add security to an existing remoting application.
Usage Types:
Lab
|
|
|
COM Lab - .NET Security
- 01/20/2004
This exercise walks you through building and securing a managed COM+ server.
Usage Types:
Lab
|
|
|
CAS Enforcement Lab - .NET Security
- 01/20/2004
In this exercise, you’ll experiment with deploying a Microsoft® Windows® Forms application on the Intranet.
Usage Types:
Lab
|
|
|
Threat Modeling - .NET Security
- 01/20/2004
This quiz asks four questions about threat modeling.
Usage Types:
Exercise/Exam
|
|
|
Conventional Cryptography and Kerberos Quiz - .NET Security
- 01/20/2004
This quiz asks five questions about conventional cryptography and Kerberos.
Usage Types:
Exercise/Exam
|
|
|
Public Key Cryptography and SSL Quiz - .NET Security
- 01/20/2004
This quiz asks six questions about public key cryptography and SSL.
Usage Types:
Exercise/Exam
|
|
|
Windows Security 101 Quiz - .NET Security
- 01/20/2004
Seven questions quiz on Microsoft® Windows® security.
Usage Types:
Exercise/Exam
|
|
|
Windows Security 102 Quiz - .NET Security
- 01/20/2004
This quiz asks six questions about Microsoft® Windows® security.
Usage Types:
Exercise/Exam
|
|
|
CAS Policy Quiz - .NET Security
- 01/20/2004
This quiz asks six questions about CAS policy.
Usage Types:
Exercise/Exam
|
|
|
CAS Enforcement Quiz - .NET Security
- 01/20/2004
Five question quiz on CAS enforcement.
Usage Types:
Exercise/Exam
|
|
|
Web-Application Security Quiz - .NET Security
- 01/20/2004
This quiz asks five questions about Web-Application Security.
Usage Types:
Exercise/Exam
|
|
|
Web Services Quiz - .NET Security
- 01/20/2004
This quiz asks four questions about Web services.
Usage Types:
Exercise/Exam
|
|
|
Remoting Quiz - .NET Security
- 01/20/2004
This quiz asks four questions about remoting.
Usage Types:
Exercise/Exam
|
|
|
COM+ (System.EnterpriseServices) Quiz - .NET Security
- 01/20/2004
This quiz asks five questions about Microsoft COM+ and System.EnterpriseServices.
Usage Types:
Exercise/Exam
|
|
|
Dumb Code Quiz - .NET Security
- 01/20/2004
This quiz asks five questions about dumb code.
Usage Types:
Exercise/Exam
|
|
|
Code Access Security Module - .NET: Building Applications and Components with C#
- 01/18/2004
This module explains the code access security model, including evidence, policy, permissions, and stack walking.
Usage Types:
Slides
|
|
|
DNA to .NET Porting Module - Microsoft .NET Developer Tools Readiness Kit
- 01/15/2004
This module provides an introduction to DNA to .NET porting.
Usage Types:
Slides
|
|
|
.NET Security Module - Microsoft .NET Developer Tools Readiness Kit
- 01/15/2004
This module provides an introduction to Microsoft® .NET security.
Usage Types:
Slides
|
|
|
.NET Security
- 01/10/2004
In this course, students learn how to be prepared for security threats early in the life cycle of their projects.
Usage Types:
Executable Program, Exercise/Exam, Lab, Slides, Source Code
|