Becoming a Security Expert
January/February 2008 (vol. 6 no. 1)
pp. 71-73
Michael Howard, Microsoft
The author discusses the basic skills a security expert should learn, including design, development, and tester skills, to thwart attackers.

Index Terms:
security, learning about security, Basic Training
Citation:
Michael Howard, "Becoming a Security Expert," IEEE Security & Privacy, vol. 6, no. 1, pp. 71-73, Jan.-Feb. 2008, doi:10.1109/MSP.2008.3