What's in your security toolbox?

Michelle Davidson

BALTIMORE -- No matter what your trade, you have tools to help you with your job. They may be essential tools or items that make your work a little easier. For IT professionals, the hard part is determining what ones should be in your toolbox.

Joe Stagner, Microsoft technical evangelist and developer community champion, opened up his bag of tricks at the recent Software Security Summit and shared with conference attendees tools he's found over the years that help secure applications.

Requires Free Membership to View

Tools always save more money than their cost. The biggest problem is convincing management to buy them.
Joe Stagner

"Tools always save more money than their cost," Stagner said. "The biggest problem is convincing management to buy them."

At Microsoft, however, management ordered the revamp of the software development life cycle and security tools were very much a part of that, he said.

"Microsoft has implemented tools in their software development life cycle and has reduced vulnerabilities by two-thirds," Stagner said. "We've done a bad job of advertising it, but we are having success."

But tools aren't a cure-all. They can't replace people and training, Stagner said. For example, developers at Microsoft all have to read Michael Howard's book Writing Secure Code (2nd edition), they all get training, and they all get annual updates to that training, he said.

The most important thing, Stagner said, is developers have to think like a bad guy. If you can do that, then you can think of the many ways a hacker will attack your software.

That said, Stagner laid out the tools and resources developers may want to consider adding to their toolboxes.


Threat modeling

Code writing

Requirements analysis tools

Regular expression editors

Vulnerability tracking

Reverse engineering

Runtime testing tools


Code evaluation and analysis tools

Authentication diagnostics tool

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: