Windows 7 Security Evolution

Confronted with increasingly bulletproofed Windows operating systems, the threat environment shifted toward targeting vulnerabilities in the code designed to run on top of the platform. With security enhancements such as User Account Control, Address Space Layout Randomization, Kernel Patch Protection and driver signing, but also with the new development methodology set in place via the Microsoft Security Development Lifecycle, vulnerabilities in Windows Vista and its successor Windows 7 have become harder to exploit, in the eventuality that attackers do come across critical security holes.

The biggest advantage in terms of security Vista and Windows 7 have over precursor Windows clients is the Security Development Lifecycle. And with the threat environment changing focus onto third-party Windows applications, Microsoft is ready to share the SDL secrets with third-party developers. An illustrative example in this regard is the Microsoft Security Development Lifecycle (SDL): Developer Starter Kit.

“The Microsoft SDL – Developer Starter Kit offers content, labs, and training to help you establish a standardized approach to rolling out the Microsoft Security Development Lifecycle (SDL) in your organization—or enrich your existing development practices,” Microsoft revealed.

Developers will be able to leverage no less than 14 content modules. Microsoft is sharing with the developer community speaker notes, presenter guides, and sample comprehension questions. In addition, the SDL Developer Starting Kit also brings to the table 8 MSDN Virtual Labs complete with manuals, allowing organizations to create custom SDL training programs for their development teams.

Below you will find the individual materials from the Microsoft SDL – Developer Starter Kit:

Secure Design Principles
Secure Implementation Principles
Threat Modeling Principles
Threat Modeling Tool Principles
SQL Injection Vulnerabilities Bonus!
MSDN Virtual Lab
Cross-Site Scripting Vulnerabilities Bonus!
MSDN Virtual Lab
Code Analysis Bonus!
MSDN Virtual Lab
Banned APIs
Source Code Annotation Language Bonus!
MSDN Virtual Lab
Security Code Review Bonus!
MSDN Virtual Lab
Fuzz Testing Bonus!
MSDN Virtual Lab
Compiler Defenses Bonus!
MSDN Virtual Lab
Buffer Overflows Bonus!
MSDN Virtual Lab

Tags: attack, attacker, attackers, critical security, download, enhancements, exploit, Microsoft, microsoft security, SDL, Security, security development lifecycle, security enhancements, Starter Kit, User Account Control, vulnerabilities, Windows, Windows 7

This entry was posted on Wednesday, October 7th, 2009 at 5:33 am and is filed under Windows 7. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Related posts

• Security Process that Bulletproofed Windows 7 (0)
• Microsoft Reacts to Windows 7 0-Day DoS Vulnerability (0)
• Microsoft Patches 34 Security Vulnerabilities (1)
• Windows Vista and Malware Immunity (0)
• Windows 7 UAC Setting Access Cut (0)
• Windows 7 Security Release ISO Image for February 2010 (1)
• Windows 7 RTM Patches ISO Image (1)
• Windows 7 IT Pro Guides (1)
• Windows 7 BitLocker Ready for TPM Hacks (0)
• Windows 7 Beta Application Incompatibility Behavior (0)
• Useful Windows 7 Enhancements (0)
• TOP 10 – February 2010 Popular Tips (0)
• Security Assessment Tool 4.0 for Vista and XP (0)
• Hacking Windows 7 RTM (0)
• 3 Security Features to Help Keep Your PCs Safer (0)
• XP Service Pack 3 Goes Live (2)
• Windows Vista: An FAQ for Nonprofits (0)
• Windows PowerShell 2.0 Software Development Kit (SDK) (0)
• Windows Malicious Software Removal Tool (1)
• Windows Help program (0)