The Community for Technology Leaders
RSS Icon
Issue No.01 - January/February (2008 vol.6)
pp: 71-73
Michael Howard , Microsoft
The author discusses the basic skills a security expert should learn, including design, development, and tester skills, to thwart attackers.
security, learning about security, Basic Training
Michael Howard, "Becoming a Security Expert", IEEE Security & Privacy, vol.6, no. 1, pp. 71-73, January/February 2008, doi:10.1109/MSP.2008.3
1. M. Howard, "Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users," MSDN Magazine: The Microsoft Journal for Developers, Nov. 2004; 04/11/AttackSurfacedefault.aspx.
2. Microsoft Security Bulletin MS06-034, "Vulnerability in Microsoft Internet Information Services Using Active Server Pages Could Allow Remote Code Execution,"11 July 2006; MS06-034.mspx.
3. Microsoft Security Bulletin MS04-030, "Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service,"12 Oct. 2004; MS04-030.mspx.
4. M. Howard, "A Security Lesson that Transcends Programming Language and Operating System Religion,"22 June 2007; 22a-security-lesson-that-transcends-programming-language-and-operating-system-religion.aspx .
5. M. Howard, "A Process for Performing Security Code Reviews," IEEE Security &Privacy, vol. 4, no. 4, 2006, pp. 74–79.
6. S. Lambert, "Fuzz Testing at Microsoft and the Triage Process,"20 Sept. 2007; 20fuzz-testing-at-microsoft-and-the-triage-process.aspx .
7. J. Whittaker, "Testing in the SDL,"24 May 2007; 24testing-in-the-sdl.aspx.
8. J. Whittaker, "Reliability vs. Security,"7 Dec. 2007; 07reliability-vs-security.aspx.
22 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool