News Stay informed about the latest enterprise technology news and product updates.

What's in your security toolbox?

Joe Stagner, Microsoft technical evangelist and developer community champion, shared with Software Security Summit attendees tools he's found that help secure applications.

BALTIMORE -- No matter what your trade, you have tools to help you with your job. They may be essential tools or...

items that make your work a little easier. For IT professionals, the hard part is determining what ones should be in your toolbox.

Joe Stagner, Microsoft technical evangelist and developer community champion, opened up his bag of tricks at the recent Software Security Summit and shared with conference attendees tools he's found over the years that help secure applications.

Tools always save more money than their cost. The biggest problem is convincing management to buy them.
Joe Stagner

"Tools always save more money than their cost," Stagner said. "The biggest problem is convincing management to buy them."

At Microsoft, however, management ordered the revamp of the software development life cycle and security tools were very much a part of that, he said.

"Microsoft has implemented tools in their software development life cycle and has reduced vulnerabilities by two-thirds," Stagner said. "We've done a bad job of advertising it, but we are having success."

But tools aren't a cure-all. They can't replace people and training, Stagner said. For example, developers at Microsoft all have to read Michael Howard's book Writing Secure Code (2nd edition), they all get training, and they all get annual updates to that training, he said.

The most important thing, Stagner said, is developers have to think like a bad guy. If you can do that, then you can think of the many ways a hacker will attack your software.

That said, Stagner laid out the tools and resources developers may want to consider adding to their toolboxes.


Threat modeling

Code writing

Requirements analysis tools

Regular expression editors

Vulnerability tracking

Reverse engineering

Runtime testing tools


Code evaluation and analysis tools

Authentication diagnostics tool

Dig Deeper on Software Security Test Best Practices

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.