Microsoft Threat Modeling Tool 2016

Thursday, October 8, 2015

“Microsoft Threat Modeling Tool 2016 is a tool that helps in finding threats in the design phase of software projects. It's available as a free download from the Microsoft Download Center. This latest release simplifies working with threats and provides a new editor for defining your own threats. Microsoft Threat Modeling Tool 2016 has several improvements such as New Threat Grid, Template Editor & Migrating Existing Data Flow Diagrams.” Microsoft Threat Modeling Tool 2016 can be downloaded from the following link. Sample screenshots of Microsoft Threat Modeling Tool 2016 are attached below:

Skype for Business, SDN Interface 2.2

Sunday, July 12, 2015

“The Skype for Business, SDN (Software-Defined Networking) Interface allows developers to build applications and services that can monitor, isolate and correct issues on the network that affect Skype for Business quality of experience. The installer application also provides customers with the ability to interface with qualified 3rd party applications built on the Skype for Business, SDN API.” Skype for Business, SDN Interface 2.2 can be downloaded from the following link.

Recommended Security HTTP Response Headers

Saturday, May 2, 2015

The following is a list of recommended security HTTP response headers:

Access-Control-Allow-Origin – e.g. Access-Control-Allow-Origin:
Access-Control-Expose-Headers
Cache-Control
Content-Disposition – e.g. Content-Disposition: attachment; filename=myfile.html
Content-Encoding – e.g. Content-Encoding: gzip
Content-Length – e.g. Content-Length: 103
Content-Security-Policy, X-Content-Security-Policy, X-WebKit-CSP – e.g. Content-Security-Policy: default-src 'self'
Content-Security-Policy-Report-Only (for debugging purposes only) – e.g. Content-Security-Policy-Report-Only: default-src 'self'; report-uri
Content-Type – e.g. Content-Type: text/plain
Expires
P3P
Public-Key-Pins – e.g. Public-Key-Pins: pin-sha384="<sha384>"; pin-sha384="<sha384>"; max-age=15768000; includeSubDomains
Set-Cookie
Strict-Transport-Security – e.g. Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options – e.g. X-Content-Type-Options: nosniff
X-Download-Options – e.g. X-Download-Options: noopen
X-Frame-Options, Frame-Options – e.g. X-Frame-Options: deny...

How to Secure HTTP Cookies

Friday, May 1, 2015

The following article covers the main steps that need to be taken to secure HTTP cookies.

Cookie Name = Random name that changes each session (e.g. 256 Bit GUID)
Domain = Web Site FQDN (Fully Qualified Domain Name)
Path = / (or any relative directory)
Secure = True
HttpOnly = True
Expire = ASAP (As Soon as Possible)

Please Note:
1. Avoid situations where sensitive information is saved in the HTTP cookie. In special cases, encrypt the sensitive information that is stored in the HTTP cookie by using the AES 256 Bit algorithm. The encryption key should be replaced...
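The attribute checklist above can be turned into an automated check on Set-Cookie response headers. The following is an added example, not code from the original post; the function names, the 1800-second lifetime ceiling and the sample headers are assumptions, and the per-session random cookie name is not checked because it cannot be judged from a single header.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = 1800  # seconds; assumed reading of "Expire = ASAP", tune per application

def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def audit_cookie(header_value, site_fqdn, now=None):
    """Return the checklist items that this Set-Cookie value fails."""
    now = now or datetime.now(timezone.utc)
    _, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        findings.append("Secure flag missing")
    if "httponly" not in attrs:
        findings.append("HttpOnly flag missing")
    if not attrs.get("path", "").startswith("/"):
        findings.append("Path missing or not rooted at /")
    # An absent Domain makes the cookie host-only, which is narrower than any Domain value.
    domain = attrs.get("domain", site_fqdn).lstrip(".").lower()
    if domain != site_fqdn.lower():
        findings.append("Domain is not the site FQDN")
    lifetime = None  # stays None for a session cookie (no Max-Age, no Expires)
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires
            lifetime = int(attrs["max-age"])
        elif "expires" in attrs:
            lifetime = (parsedate_to_datetime(attrs["expires"]) - now).total_seconds()
    except (TypeError, ValueError):
        findings.append("Max-Age/Expires is not parseable")
    if lifetime is not None and lifetime > MAX_LIFETIME:
        findings.append("lifetime exceeds %d seconds" % MAX_LIFETIME)
    return findings

# Constructed sample headers (not captured from a real site).
WEAK = "SESSIONID=abc123; Path=/; Domain=example.com; Max-Age=31536000"
STRONG = "k9f3a71c=0b5e; Domain=www.example.com; Path=/; Secure; HttpOnly; Max-Age=900"

if __name__ == "__main__":
    for header in (WEAK, STRONG):
        print(header, "->", audit_cookie(header, "www.example.com") or "OK")
```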

Best Practices On How to Secure HTTP Cache Control Headers

Tuesday, April 28, 2015

The following best practices cover the main settings that need to be set to avoid caching sensitive information locally, such as credit card details, authentication cookies, etc.

1. HTTP/1.1
Cache-Control: private, no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Expires: 0

2. HTTP/1.0
Pragma: no-cache
Note: It's highly recommended to disallow the use of HTTP/1.0 on both the client and the server side.

3. HTTP/2
HTTP/2 offers compliance with HTTP/1.1 standards in a variety of areas. Due to this, the HTTP/1.1 cache control headers can be applied to HTTP/2 traffic. However, due to the fact that currently HTTP/2...

BinScope 2014

Monday, November 24, 2014

“BinScope Binary Analyzer is a verification tool that analyzes binaries to ensure that they have been built in compliance with the SDL requirements and recommendations. Microsoft BinScope was designed in order to help detect potential vulnerabilities that can be introduced into Binary files. The tests implemented in BinScope examine application binary files to identify coding and building practices that can potentially render the application vulnerable to attack or to being used as an attack vector.” BinScope 2014 can be downloaded from the following link.

BizTalk Terminator

Friday, September 5, 2014

“The BizTalk Terminator tool allows the user to easily address common BizTalk issues via SQL, WMI, and PowerShell based tasks provided by the BizTalk team. Additional functionality includes the ability to suspend, resume, and terminate in bulk by date range, make performance tuning changes, and integrate with the MessageBox Viewer utility.” BizTalk Terminator can be downloaded from the following link.