Information Security

Security > Home > Information Security

Information Security

A community of information security resources.

The Microsoft IT’s Information Security (InfoSec) group is responsible for information security risk management at Microsoft. We concentrate on information protection as well as enterprise business continuity planning. Our mission is to accelerate secure and reliable business for Microsoft, partners and customers. InfoSec is comprised of professionals of various disciplines including architects, developers, program managers, technologists and analysts.

Featured Stories

	InfoSec's A&P The suite is made up of a technology stack of protection & assessment tools.
	Dogfooding: Product Influence Looking at what risk might look like in the future is key.

	New Versions for Security Tools 3 new Community Tech Previews (CTP) for web developers ready for download!
	Dogfooding Phase 2: Security Features "We assess security-related features in upcoming Microsoft products"

More Channel 9 Videos >
More Edge Videos >

Recently

	Dogfooding Phase 1: Evaluating Risk Policies need to change? Also, time for a risk assessment.
	How Microsoft IT Dogfoods Mark explains how IT handles security in the early stages of a product.
	Integrating Risk Tracker with HR Feeds "A core functionality of Risk Tracker is the AuthZ component."
	Risk Management in Risk Tracker Built on CISF, it captures & tracks high level security risks to then be reduced.
	Awareness Blog Series Todd Kutzke describes the 3-pronged problem: people, process & technology.

How-Do-I Videos

	Sanitize HTML with Anti-XSS Library 3.1 New! This is using a new feature in the new version of the library. Learn to use it.
	SQL Server 2008 Policy Management Learn how this feature allows creation of policies on a SQL server instance.
	Defend from SQL Truncation Attacks See how truncation and escaping single quotes result in a SQL injection attack.
	Use VRTA & Netmon to Check Site Perf Virtual Roundtrip Analyzer to check site perf and trace frames in Network Monitor.
	Create a Unit Test to Test a SQL SPROC VSTS 2008 to create a unit test to test a SQL stored proc by binding a CSV file.

InfoSec Blogs

Tools

Wep Protection Library (WPL) CTP
New! Known as Anti-XSS Library, this is a more complete suite including mitigation for SQL injection, CSRF, etc.
Web App Configuration Analyzer (WACA) CTP
New! Scans the development environment against .NET best practices
CAT.NET CTP
New! CTP for download
Code analysis tool release version
Connected Information Security Framework
Framework for custom security solutions
Risk Tracker
Captures and tracks risks
neXpert
Performance Analysis tool
Visit Blog
Threat Analysis & Modeling
Application Threat Modeling

ACE Services

Learn here how we can help you enable secure and reliable business for your company.