What's in your security toolbox?

Joe Stagner, Microsoft technical evangelist and developer community champion, shared with Software Security Summit attendees tools he's found that help secure applications.

BALTIMORE -- No matter what your trade, you have tools to help you with your job. They may be essential tools or items that make your work a little easier. For IT professionals, the hard part is determining what ones should be in your toolbox.

Joe Stagner, Microsoft technical evangelist and developer community champion, opened up his bag of tricks at the recent Software Security Summit and shared with conference attendees tools he's found over the years that help secure applications.

Tools always save more money than their cost. The biggest problem is convincing management to buy them.
Joe Stagner
Microsoft

"Tools always save more money than their cost," Stagner said. "The biggest problem is convincing management to buy them."

At Microsoft, however, management ordered the revamp of the software development life cycle and security tools were very much a part of that, he said.

"Microsoft has implemented tools in their software development life cycle and has reduced vulnerabilities by two-thirds," Stagner said. "We've done a bad job of advertising it, but we are having success."

But tools aren't a cure-all. They can't replace people and training, Stagner said. For example, developers at Microsoft all have to read Michael Howard's book Writing Secure Code (2nd edition), they all get training, and they all get annual updates to that training, he said.

The most important thing, Stagner said, is developers have to think like a bad guy. If you can do that, then you can think of the many ways a hacker will attack your software.

That said, Stagner laid out the tools and resources developers may want to consider adding to their toolboxes.

Training

Threat modeling

Code writing

Requirements analysis tools

Regular expression editors

Vulnerability tracking

Reverse engineering

Runtime testing tools

Obfuscators

Code evaluation and analysis tools

Authentication diagnostics tool

Dig deeper on Software Security Test Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSOA

TheServerSide

SearchCloudApplications

SearchAWS

SearchBusinessAnalytics

SearchFinancialApplications

SearchHealthIT

Close