OWASP SAMM v1.1

Thursday, March 17, 2016

“The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:

Evaluate an organization’s existing software security practices
Build a balanced software security assurance program in well-defined iterations
Demonstrate concrete improvements to a security assurance program
Define and measure security-related activities throughout an organization”

The Software Assurance Maturity Model (SAMM) can be downloaded from the following link.

Microsoft Threat Modeling Tool 2016

Thursday, October 8, 2015

“Microsoft Threat Modeling Tool 2016 is a tool that helps in finding threats in the design phase of software projects. It's available as a free download from the Microsoft Download Center. This latest release simplifies working with threats and provides a new editor for defining your own threats. Microsoft Threat Modeling Tool 2016 has several improvements such as New Threat Grid, Template Editor & Migrating Existing Data Flow Diagrams.”

Microsoft Threat Modeling Tool 2016 can be downloaded from the following link. Attached below are sample screenshots of Microsoft Threat Modeling Tool 2016:

Skype for Business, SDN Interface 2.2

Sunday, July 12, 2015

“The Skype for Business, SDN (Software-Defined Networking) Interface allows developers to build applications and services that can monitor, isolate and correct issues on the network that affect Skype for Business quality of experience. The installer application also provides customers with the ability to interface with qualified 3rd party applications built on the Skype for Business, SDN API.”

Skype for Business, SDN Interface 2.2 can be downloaded from the following link.

Recommended Security HTTP Response Headers

Saturday, May 2, 2015

Attached is a list of recommended security HTTP response headers:

Access-Control-Allow-Origin – e.g. Access-Control-Allow-Origin: http://test.example.com
Access-Control-Expose-Headers
Cache-Control
Content-Disposition – e.g. Content-Disposition: attachment; filename=myfile.html
Content-Encoding – e.g. Content-Encoding: gzip
Content-Length – e.g. Content-Length: 103
Content-Security-Policy, X-Content-Security-Policy, X-WebKit-CSP – e.g. Content-Security-Policy: default-src 'self'
Content-Security-Policy-Report-Only (for debugging purposes only) – e.g. Content-Security-Policy-Report-Only: default-src 'self'; report-uri http://test.example.com/test.aspx
Content-Type – e.g. Content-Type: text/plain
Expires
P3P
Public-Key-Pins – e.g. Public-Key-Pins: pin-sha384="<sha384>"; pin-sha384="<sha384>"; max-age=15768000; includeSubDomains
Set-Cookie
Strict-Transport-Security – e.g. Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options – e.g. X-Content-Type-Options: nosniff
X-Download-Options – e.g. X-Download-Options: noopen
X-Frame-Options, Frame-Options – e.g. X-Frame-Options: deny
...
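A list of headers is only useful if something checks that responses actually carry them with sane values. The script below is an added example, not code from the original post: it parses the head of a raw HTTP response and audits the security-relevant headers from the list above. The header names and the example values (for instance the HSTS max-age of 16070400) come from the post; the pass/fail rules (a 180-day HSTS minimum, nosniff, deny/sameorigin framing, a default-src fallback in CSP, no wildcard CORS origin, Secure and HttpOnly on every cookie) are the author's own baseline assumptions, as is the constructed sample response.

```python
"""Audit the security headers of a raw HTTP response.

Added example (not from the original post). The header names follow the
post's list; the acceptance rules below are the author's own baseline
assumptions, not a standard.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple


def _hsts_ok(value: str) -> bool:
    """Assumption: max-age of at least 180 days (the post's example uses
    16070400 seconds, about 186 days, so it passes)."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return bool(m) and int(m.group(1)) >= 180 * 24 * 3600


def _nosniff_ok(value: str) -> bool:
    return value.strip().lower() == "nosniff"


def _frame_ok(value: str) -> bool:
    # Only the two values every browser honours are accepted.
    return value.strip().lower() in {"deny", "sameorigin"}


def _csp_ok(value: str) -> bool:
    # Minimal check: a default-src fallback must be declared.
    return "default-src" in value.lower()


def _cors_ok(value: str) -> bool:
    # A wildcard origin hands the response to any site; require an explicit origin.
    return value.strip() != "*"


def _cookie_ok(value: str) -> bool:
    # Assumption: every cookie must carry both Secure and HttpOnly.
    attrs = {part.strip().lower().split("=")[0] for part in value.split(";")[1:]}
    return {"secure", "httponly"} <= attrs


# header name (lower-case) -> (required?, validator)
CHECKS: Dict[str, Tuple[bool, Callable[[str], bool]]] = {
    "strict-transport-security": (True, _hsts_ok),
    "x-content-type-options": (True, _nosniff_ok),
    "x-frame-options": (True, _frame_ok),
    "content-security-policy": (True, _csp_ok),
    "x-download-options": (False, lambda v: v.strip().lower() == "noopen"),
    "access-control-allow-origin": (False, _cors_ok),
    "set-cookie": (False, _cookie_ok),
}


def parse_response_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw response (status line + headers [+ body]) into
    (lower-cased name, value) pairs. Repeated headers such as Set-Cookie
    are kept as separate entries. Obsolete line folding is not handled."""
    head = raw.split("\r\n\r\n", 1)[0].split("\n\n", 1)[0]
    pairs: List[Tuple[str, str]] = []
    for line in head.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break
        if ":" not in line:
            continue  # malformed line, ignore
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_headers(pairs: List[Tuple[str, str]]) -> Dict[str, str]:
    """Return {header: verdict}: 'ok', 'weak' (present but failed its rule),
    'missing' (required header absent) or 'absent' (optional header absent)."""
    present: Dict[str, List[str]] = {}
    for name, value in pairs:
        present.setdefault(name, []).append(value)
    report: Dict[str, str] = {}
    for name, (required, validator) in CHECKS.items():
        values: Optional[List[str]] = present.get(name)
        if values is None:
            report[name] = "missing" if required else "absent"
        else:
            report[name] = "ok" if all(validator(v) for v in values) else "weak"
    return report


# Constructed sample response with several deliberately weak settings.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: ALLOW-FROM http://test.example.com\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    for header, verdict in audit_headers(parse_response_headers(SAMPLE_RESPONSE)).items():
        print(f"{header:30s} {verdict}")
```

Feed it the raw output of a request (for example captured with curl -i) and treat any "weak" or "missing" line as a finding to fix on the server side; the optional headers are reported as "absent" so that their omission can be reviewed rather than silently passed.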