ACE Team - Security, Performance & Privacy

Technical Dependency Analysis

Hi, I’m Kevin Harris, Principal Program Manager with Microsoft’s Enterprise Business Continuity...

Date: 02/19/2010

Using the Business Impact Analysis

Hi all, I’m Tom Easthope, Sr. Program Manager on the Enterprise Business Continuity team at...

Date: 01/26/2010

InfoSec A&P Suite: How to Install & Configure

Hi everyone, Diane here. Recently the Information Security Tools (IST) Team released the Assessment...

Date: 11/30/2009

Introducing the InfoSec Assessment & Protection Suite

The Information Security Tools (IST) team has released the InfoSec Assessment & Protection...

Date: 11/16/2009

Dogfooding: How Microsoft IT Information Security Dogfoods: Product Influence

Hi Steven Michalove here, I’m a principal program manager on Microsoft IT’s Information Security...

Date: 10/30/2009

Dogfooding: How Microsoft IT Information Security Dogfoods, Phase 2: Perform an Assessment of the Features Only

Hi Price Oden here, I’m a principal senior security architect on the Microsoft IT Information...

Date: 10/26/2009

Dogfooding: How Microsoft IT Information Security Dogfoods, Phase 1: Conduct a Security Design Review

Hi Don Nguyen here, I’m a senior security engineer with the Microsoft Information Security's...

Date: 10/19/2009

Risk Management in Risk Tracker

Hey there, my name is Sarah Pickard and I am a Senior Program Manager on the Microsoft Information...

Date: 10/15/2009

Dogfooding: How Microsoft IT's Information Security Dogfoods

Hello Diane here. Do you ever wonder how Microsoft’s IT Information Security (InfoSec) is involved...

Date: 10/08/2009

How to Integrate Risk Tracker with Internal HR Feeds

Organizations who would like to deploy the Risk Tracker v1.0 application in their own environment,...

Date: 09/30/2009

Risk Tracker v1.0 Release

The Microsoft Information Security Tools (IST) team releases Risk Tracker version 1.0 application....

Date: 09/29/2009

Create a Response Time Graph

Spending my last 4 years helping Microsoft’s enterprise customers improve their line of business...

Date: 09/27/2009

Anti-XSS Library v3.1 Released!

The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross...

Date: 09/17/2009

Introducing the Connected Information Security Framework (CISF) and Risk Tracker Version 1.0

The Microsoft Information Security Tools (IST) team has released the Connected Information Security...

Date: 09/16/2009

Blog Series: Get Familiar with the SDL-LOB Process. Introduction to Phase Five: Release for LOB

Hello, Anmol here.  As you’ve been following along with me in my blog series on Security...

Date: 08/10/2009

Video Series: ACE Security Consultants from the Field

Kicking off our video series, ‘ACE Security Consultants from the Field,’ Talhah Mir from Microsoft...

Date: 08/04/2009

Blog Series: Get Familiar with the SDL-LOB Process. Introduction to Phase Four: Verification for LOB

Hello, Anmol here…continuing our discussion of Security Development Lifecycle for Line-of-Business...

Date: 07/29/2009

Blog Series: Get Familiar with the SDL-LOB Process. Introduction to Phase Three: Implementation for LOB.

Hello, Anmol here.  For this blog series I’ll discuss the the Security Development Lifecycle...

Date: 07/13/2009

Blog Series: Get Familiar with the SDL-LOB Process, Introduction to Phase Two: Design for LOB

Hello, Anmol here.  This is a continuation of my blog series on the SDL-LOB process.  In...

Date: 06/19/2009

Blog Series: Get Familiar with the SDL-LOB Process, Introduction to Phase One: Requirements for LOB

Hello, Anmol here.  For this blog series I’ll discuss the SDL-LOB process and cover all 5...

Date: 06/16/2009

Blog Series: Get Familiar with the SDL-LOB (Security Development Lifecycle for Line-Of-Business Applications) Process

Hello, Anmol Malhotra here. I’m a Senior Security Engineer with ACE Team, a part of Microsoft IT...

Date: 06/02/2009

How Do I: Set Up Fiddler’s Reverse Proxy to Create a VSTS 2008 Web Test

VSTS 2008 has a great recording tool that allows you to create web test simply by recording your web...

Date: 05/29/2009

TechNet Webcast: Configuring with Least Privilege in SQL Server 2008 (Level 300)

TechNet Webcast: Configuring with Least Privilege in SQL Server 2008 (Level 300) Tuesday, June 02,...

Date: 05/29/2009

TechNet Webcast: Fundamentals of Third-Party Security Management (Level 300)

TechNet Webcast: Fundamentals of Third-Party Security Management (Level 300) Monday, June 01, 2009...

Date: 05/29/2009

Infrastructure Security Design Review

Hello Everyone! My name is Shawn Rabourn and I am a Senior Security Consultant with ACE (Assessment,...

Date: 05/19/2009

ACE Infrastructure Security Services: An Overview

This is Rob Cooper, Senior Engineer for ACE Infrastructure (also known internally as ICE for you...

Date: 05/11/2009

Security as a Service: A Balancing Act

When I first joined Microsoft IT, I was intrigued by the concept of offering security assessment as...

Date: 05/04/2009

About ACE’s Information Security Assessment Service - Your Friendly Neighborhood Security Auditor

This is Gerard Morisseau, Senior Program Manager for ACE’s Information Security Assessment Services...

Date: 04/28/2009

VSTS Web Test Step-by-Step Primer: 7-Minute Video by Microsoft A.C.E. Performance Engineer Chris Lundquist (with Copious Notes and Screen Shots from Your Humble Correspondent)

My colleague & A.C.E. performance engineer Chris Lundquist has compiled a 6:58 wmv featuring his...

Date: 04/27/2009

Shrinking Budgets: Application Security Tools vs Process Tradeoff

An all too familiar scene repeated itself two weeks ago. My good friend & CISO of a mid-sized...

Date: 04/21/2009

About ACE’s Infrastructure Security Team

Hi, my name is Brad Gobble and I manage ACE’s Infrastructure Security Team, a part Microsoft IT’s...

Date: 04/17/2009

ACE Team's Performance Development Lifecycle (PDL-IT )

Hi – This is Irfan, Director of the ACE Team. Some of you may have come across Abu’s...

Date: 04/03/2009

Akshay’s Uncertainty Principle: Observing Some Metrics Changes Them

You’ve probably heard of the famous  Heisenberg Uncertainty Principle  in Quantum physics....

Date: 03/31/2009

Vulnerabilities in Web Applications due to improper use of Crypto – Part 4

Digital signature is a cryptographic mechanism that provides three security services; data origin...

Date: 03/26/2009

Performance Development lifecycle for IT - Part 3

This is the continuation of the previous posts on PDL-IT (part-1 , part-2). Part-1 consisted of...

Date: 03/24/2009

Performance Development lifecycle for IT - Part 2

As a follow-up post to PDL-IT part-1, this is the part-2 of PDL-IT.  In this post I would...

Date: 03/12/2009

Response to InfoSec X Prize Part 1

So I’ve been quite amazed by the amount of discussion and feedback i have received from colleagues...

Date: 03/05/2009

Performance Development life cycle for IT – Part 1

Microsoft ACE team has been involved in performance testing and tuning of web applications within...

Date: 03/04/2009

Baking Security In: A Comic Strip View of SDL

So how do you take your average developer who scoffs at security from the careless and brash aka...

Date: 03/03/2009

neXpert v1.0 Released!

Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */...

Date: 02/16/2009

Webcast: Software Security with Static Code Analysis Using CAT.NET

MSDN Webcast: Software Security with Static Code Analysis Using CAT.NET (Level 200) Presenter:...

Date: 02/15/2009

Microsoft IT Solutions: Full Drive Encryption using BitLocker

One of the challenges that I have been focusing my team on this fiscal year has been creating new...

Date: 02/07/2009

Note to Fannie Mae: Dealing with Logic Bombs

Today, it was revealed that a departing contractor left Fannie Mae with a parting gift – a Logic...

Date: 01/31/2009

Vulnerabilities in Web Applications due to improper use of Crypto – Part 3

Almost all thick client applications need to update themselves. This is the only way to distribute...

Date: 01/25/2009

The InfoSec X Prize: Fundamental Change Through Competition

Today I had a thought provoking conversation with Dr. Peter Diamandis, Chairman and CEO of Zero...

Date: 01/23/2009

Webcast on Recently Released Anti-XSS & CAT.NET

"Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)" It will be co-presented by...

Date: 01/06/2009

New versions of Anti-XSS & CAT.NET available today and some background and history about the ACE team

*** UPDATE ********** ALL LINKS ARE LIVE NOW! ********************* Hi All – this is Irfan Chaudhry,...

Date: 12/15/2008

Performance Monk and the Deadly Duo

Alik here. Following great feedback on our last post we decided to continue sharing ACE Team...

Date: 12/08/2008

Next>