Information Security Videos

Anil Revuru (RV), from Microsoft Information Security, introduces a configuration verification tool that will be part of a suite of tools that will help you assess your code as well as protect it. For more info watch the Assessment & Protection (A&P) Suite video. WACA is designed to scan your development environment against best practices for .NET security configuration, IIS settings, SQL Server Security best practices and some Windows permission settings. It is helpful for verifying your configuration while unit testing and ensuring there are no issues when the application is in production. The CTP (Community Technology Preview) for this tool is available in Microsoft Connect – Information Security Tools. Read CTP announcement and follow the Security Tools Team blog.

A live demonstration of a mobile call interceptor, a sophisticated system that enables governments and other entities to listen to all of your mobile calls. The video shows how Gold Lock Encryption (www.gold-lock.com) completely prevents the interceptor from tapping the encrypted calls. Ranked 3.31 / 5 | 15365 views | 1 comments Click here to watch the video (02:46) Submitted By: Gold-Lock Tags: GSM Security Encryption Interceptor Interception Live Demonstration Nokia IPhone Blackberry Gold Lock Encrytpion Software Tapping Eavesdropping Spy Gear Information Security Counter Surveillance Categories: Science & Tech

Anil Revuru (RV), from Microsoft Information Security, introduces the expansion of what used to be the Anti-XSS Library. But web vulnerabilities are not only around Cross-Site Scripting (XSS) attacks. This enhanced version of the library will introduce mitigation to other attacks like: SQL Injection Cross-Site Request Forgery (CSRF) Setting Enforcement like SSL & HTTP_ONLY cookies Security Runtime Engine for SQL Injection & XSS Among others The CTP (Community Technology Preview) is available in Microsoft Connect – Information Security Tools. Read CTP announcement and follow the Security Tools Team blog.

Anil Revuru (RV) and Mark Curphey, from Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is called the Assessment & Protection (A&P) Suite and it includes the following tools: Web Protection Library (WPL) – which includes Anti-XSS, SRE, mitigation of SQL Injection, CSRF among others CAT.NET Web Application Configuration Analyzer (WACA) and room for more future add-ons The CTP (Community Technology Preview) for these tools are available in Microsoft Connect – Information Security Tools. These are currently individual as they shift to one-install. Read CTP announcement and follow the Security Tools Team blog.

Marius Grigoriu and Vineet Batta, from Microsoft Information Security, talk about the technical components for the first version of Connected Information Security Framework (CISF).  A software development framework comprising of API’s and reusable components that is designed to create bespoke or custom information security and risk management solutions like Risk Tracker. Microsoft’s IT Information Security Tools Team designs and develops CISF to “engineer the security delta” meaning as a way to rapidly meet business requirements and create functionality that doesn’t exist or is not yet available in their product range. They explain the core pieces CISF consists of like: Business Intelligent, Portal, Notification, and others that help build information security applications cheaper, faster, and better To learn more about this framework and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the  Security Tools Team blog To see an overview of what CISF is watch the video: CISF: Build Custom Security Solutions CISF CTP download

Mark Curphey and Marius Grigoriu, from Microsoft Information Security, talk about the release of the first version of Connected Information Security Framework (CISF).  A software development framework comprising of API’s and reusable components that is designed to create bespoke or custom information security and risk management solutions like Risk Tracker. Microsoft’s IT Information Security Tools Team designs and develops CISF to “engineer the security delta” meaning as a way to rapidly meet business requirements and create functionality that doesn’t exist or is not yet available in their product range. They explain benefits found on this framework including: Building information security applications cheaper, faster, and better Migrate applications efficiently and effectively to their products when they become available To learn more about this framework and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the  Security Tools Team blog.  CISF CTP download

Amazon Web Services and Google App Engine represent the leading edge of a wave of cloud services. These services and similar services that are being developed by other vendors are increasing efficiencies in web application development, hosting and data storage. These services provide the ability to expand computing and hosting capability as a variable cost rather than a fixed cost. The ability to design infrastructure that dynamically adapts to peak loads positively affects the stability and resilience because infrastructure no longer experiences service outages during peak loads. It can flexibly extended via cloud services. In this talk recorded at Saltmarch Media's Nitin Borwankar anweres questions such as What are the business areas that can benefit most from using cloud services? How can enterprise business standards be met with seemingly unreliable services? Take two of the most prominent services as category examples. What does Amazon Web Services offer specifically and what does Google App Engine offer and how are they similar and different? How do we evaluate these and future offerings to come? This talk addresses key issues surrounding the leveraged use of cloud services for business applications in the enterprise and identifies where the usage differs from the usage of these services in Web 2.0 applications. We use Amazon Web Services and Google App Engine as examples only. This is not a vendor presentation also it is not biased to one vendor - rather it is meant to teach the audience how to evaluate these offerings for their own needs and what checklists might one find useful. We use AWS and GAE as examples as these are the most well known - we also survey the other offerings available so that the audience can get an idea of what is out there and what is coming. This talk is meant for technologists as well as business users.

Bite-size analysis of implementing secure enterprise IM. This video feature, in association with Consultant Technologies, examines issues relating to security, productivity, cost and return on investment, and features the real-life experiences of a secure IM user - Thai Mosaic and Ceramics.

Bite-size analysis of the business benefits and profitability of implementing secure enterprise IM. This video feature, in association with Consultant Technologies, examines cost and return on investment, and efficiencies from a real-life business experiences of a secure IM user - Thai Mosaic and Ceramics.