Monday, January 18, 2010

Microsoft Releases Quick Security References (QSRs) for XSS & SQLi

Via Microsoft SDL Blog -

Jeremy Dallman here to tell you about some new security guidance papers we are releasing today.
“My company was just attacked by something called SQL Injection! I have no idea what that is, or what I should do next! Where do I start?”
Unfortunately, this is a frequent scenario for many developers and IT Pros who have just discovered their systems, websites or applications have been compromised.

We’ve spoken to a number of people in the IT community who equate this to being tossed a parachute and thrown out of a plane into free-fall with no idea what to do next. These folks know the parachute will help them, but need a quick and easy way to find the D-Ring.

Today we are releasing the first of a new type of security guidance paper. We are calling them “Quick Security References” (QSRs).


SDL Quick Security References

With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles - business decision maker, architect, developer, and tester/QA. These papers will help you address a critical business problem now while moving you toward SDL adoption in the future.


At this point, only two SDL QSRs have been released - XSS and SQLi.

But both should be extremely helpful.
