ACE Team - Security, Performance & Privacy
The Secrets Of High Performance Consulting From ACE Performance Engineer
Alik here. Being member of a global team I was wondering recently about few questions: How...
Author: ACE Team Date: 12/01/2008
Vulnerabilities in Web Applications due to improper use of Crypto – Part 2
Continuing with my last post on vulnerabilities in web applications due improper use of crypto, lets...
Author: ACE Team Date: 11/29/2008
Vulnerabilities in Web Applications due to improper use of Crypto – Part 1
Cryptography is used often in web applications. Web sites that use cookie based authentication...
Author: ACE Team Date: 11/13/2008
Disk Partition Alignment (Sector Alignment): Part I: Slide Deck
Disk partition alignment is a best practice. Now that SQL Server wait stats are formally documented...
Author: ACE Team Date: 11/04/2008
IE7 vs. IE8 in VSTS 2008 SP1 Load test
As we all know, IE8 is coming out soon (Beta 2 is already released) and one of the major performance...
Author: ACE Team Date: 10/09/2008
How to simulate IE Caching in VSTS 2008
Sometimes it’s beneficial to run load test simulating IE cache. For example, if application is used...
Author: ACE Team Date: 09/26/2008
Improving Smart Client Performance using IIS 6 Native Compression
In .NET 2.0 the property .EnableDecompression was added which will allow you to use IIS 6 Native...
Author: ACE Team Date: 09/22/2008
ASP.NET Performance: High CPU Utilization Case Studies And Solutions
This post shares case studies of high CPU utilization of ASP.NET web sites. High CPU utilization was...
Author: ACE Team Date: 08/11/2008
Meter This: Practical Application Of Power Drain Attack
Last week while feeding my caffeine addiction I came across an article in the New York Times titled...
Author: ACE Team Date: 08/04/2008
Security Code Review – String Search Patterns For Finding Vulnerabilities In ASP.NET Web Application
"The hardest thing of all is to find a black cat in a dark room, especially if there is no...
Author: ACE Team Date: 07/24/2008
Application Security Development Lifecycle 5A: Is Threat Modeling Right For You?
Several enterprises are increasingly investing time and money in building application security tasks...
Author: ACE Team Date: 06/14/2008
Application Security Development Lifecycle 4: Finding the right security talent
After about an hour of nodding his head vigorously in agreement with some of our lessons learnt, my...
Author: ACE Team Date: 06/02/2008
How Microsoft IT does Secure Application Development: Webcast
Technorati Tags: Conference,SDLC,SDL,IT,ISV I will be discussing Microsoft IT's approach to secure...
Author: ACE Team Date: 05/27/2008
Using Threat Models Beyond the Design Stage
Threat Modeling is no longer the obscure magic is used to be. With the creation of tools like the...
Author: TheRockyH Date: 05/22/2008
Security priorities are changing for Canadian organizations
This is a link to an article I recently published through InterGovWorld.com in Canada....
Author: ACE Team Date: 05/19/2008
Increase the TCO, kill the project: An ad-hoc analogy
The other day I was subject to the assertion that the only asset an IT security organizations should...
Author: ACE Team Date: 05/15/2008
Application Security Development Lifecycle 3: Funding Models
Now that you've decided (or battled) to set up an application security program you realize that it...
Author: ACE Team Date: 05/08/2008
Front Range web application security summit in Denver
I will be speaking at the Front Range OWASP Conference (FROCo8) in Denver on June 10th. The focus of...
Author: ACE Team Date: 05/04/2008
Application Security Governance 2: Mandatory or Not?
Large enterprises tend to have a number of line of business (LOB) applications supporting business...
Author: ACE Team Date: 04/22/2008
IIS7 Admin Pack Offers Built In Performance Analysis Reports
Are you web developer building high traffic web site? Are you performance engineer that lives and...
Author: ACE Team Date: 04/21/2008
Improve .Net Applications Performance Effectively And Efficiently
How to anticipate or better off avoid performance related "surprises" during load and...
Author: ACE Team Date: 03/11/2008
Do You Really Need A Distributed Architecture?
Alik here. Does the question sound rhetoric to you? Do you think the answer is “Yes” by default...
Author: ACE Team Date: 02/14/2008
Generate Your Own Security Code Review Checklist Document Using Outlook 2007
Do you conduct security code reviews? - [Yes/No] Do you want to streamline the process of the...
Author: ACE Team Date: 01/16/2008
XSSDetect FAQ
Hi! This is Hassan Khan. As promissed, here the FAQs on XSSDetect: Q. What is XSSDetect?A. XSSDetect...
Author: ACE Team Date: 12/11/2007
Operation has timed out from class library in COM+
In a recent MS internal performance gig we encountered an interesting issue with the maxconnection...
Author: ACE Team Date: 11/06/2007
XSSDETECT: Analyzing Large Applications
XSSDetect is a static binary analysis tool. In the first step of analysis it reads target binaries...
Author: ACE Team Date: 10/24/2007
Update: Some details on how XSSDetect does dataflow analysis
Just a brief update, Hassan Khan one of the lead developers of XSSDetect and part of our ACE...
Author: ACE Team Date: 10/24/2007
XSSDetect Public Beta now Available!
One of the biggest, constant problems we've seen our enterprise customers deal with and we here at...
Author: ACE Team Date: 10/22/2007
ASP.NET ValidateRequest does not mitigate XSS completely
From Eugene Siu's blog:...
Author: ACE Team Date: 10/19/2007
Given enough eyeballs all bugs are shallow: True or False?
From Eugene Siu's blog:...
Author: ACE Team Date: 10/11/2007
System.URI.AbsolutePath Vs Phishing Attack
From Eugene Siu's blog:...
Author: ACE Team Date: 10/10/2007
Web Service Security Guidance
From Eugene Siu's blog...
Author: ACE Team Date: 10/10/2007
Mark Curphey joins Microsoft's ACE Team
Mark joined ACE as of Oct. 1st and we're very glad to have him aboard! The following is a note from...
Author: ACE Team Date: 10/08/2007
More eyeballs for .Net Framework code
From Eugene Siu's blog Microsoft will open up source code of .Net Framework to the public. It allows...
Author: ACE Team Date: 10/04/2007
Silverlight security MSDN magazine article
I have submitted an article proposal to MSDN to write about Silverlight security with my buddy in...
Author: ACE Team Date: 09/21/2007
Just learned how to cross-post via MetaWeblog API
I work for ACE team, and want to cross-post from https://blogs.msdn.com/esiu to...
Author: ACE Team Date: 09/20/2007
ASP.NET File Upload: How to prevent network clogging
Denial of service is one of the threats that you need to consider while implementing file upload...
Author: ACE Team Date: 09/19/2007
AES Vs. 3DES block ciphers
Hi, I am Babur Butter and I am with the ACE Team. Advance Encryption Standard (AES) and Triple DES...
Author: ACE Team Date: 09/07/2007
Application Security Guidance - User and Password Management
Keeping the theme from last post, let us dig into how system designers can take advantage of simple...
Author: ACE Team Date: 08/16/2007
Threat Modeling – Sanity Check List
Hi, I am Sagar Joshi and I work with the ACE Services Team. There is a lot of awareness building...
Author: ACE Team Date: 05/01/2007
Application Security Guidance - Session Management
Hi, I am Ashish Popli and I work with the ACE Services Team. There is a lot of security review...
Author: ACE Team Date: 02/23/2007
S E C U R E Acrostic
Seamless The more integration work that has to be done to get a component to work, the more...
Author: ACE Team Date: 02/09/2007
New addition to the ACE Team from India!
Hi there, I am Richard Lewis and am privileged to be part of the ACE Team at Microsoft. I am with...
Author: ACE Team Date: 01/25/2007
Microsoft Anti-Cross Site Scripting Library V1.5 is Released!
Hello, I wanted to announce that today the ACE and the ASP.NET team released V1.5 of the Anti-Cross...
Author: ACE Team Date: 11/20/2006
ACE's interview with Scoble on Channel 9 - part II & III now up
Hey Folks, part II and III of the Channel 9 interviews are up! You can check out part II here and...
Author: ACE Team Date: 10/29/2006
ACE Team's interview with Scoble on Channel 9 - pt 1
Well its been a while, but ACE's first video has hit Channel 9 today. If you'd like to see some of...
Author: ACE Team Date: 10/24/2006
ACE Services Drops Case Study Flick on Security Development Lifecycle for IT
Hello everyone, my name is Anmol Malhotra and I’m a Security Technologist with ACE [Application...
Author: ACE Team Date: 09/14/2006
Considering the performance impact of your test data source
Most automated tests require some form of data to be used within the tests. These are your test data...
Author: ACE Team Date: 07/17/2006