ACE Team - Security, Performance & Privacy

The Secrets Of High Performance Consulting From ACE Performance Engineer

Alik here. Being member of a global team I was wondering recently about few questions: How...

Author: ACE Team Date: 12/01/2008

Vulnerabilities in Web Applications due to improper use of Crypto – Part 2

Continuing with my last post on vulnerabilities in web applications due improper use of crypto, lets...

Author: ACE Team Date: 11/29/2008

Vulnerabilities in Web Applications due to improper use of Crypto – Part 1

Cryptography is used often in web applications. Web sites that use cookie based authentication...

Author: ACE Team Date: 11/13/2008

Disk Partition Alignment (Sector Alignment): Part I: Slide Deck

Disk partition alignment is a best practice. Now that SQL Server wait stats are formally documented...

Author: ACE Team Date: 11/04/2008

IE7 vs. IE8 in VSTS 2008 SP1 Load test

As we all know, IE8 is coming out soon (Beta 2 is already released) and one of the major performance...

Author: ACE Team Date: 10/09/2008

How to simulate IE Caching in VSTS 2008

Sometimes it’s beneficial to run load test simulating IE cache. For example, if application is used...

Author: ACE Team Date: 09/26/2008

Improving Smart Client Performance using IIS 6 Native Compression

In .NET 2.0 the property .EnableDecompression was added which will allow you to use IIS 6 Native...

Author: ACE Team Date: 09/22/2008

ASP.NET Performance: High CPU Utilization Case Studies And Solutions

This post shares case studies of high CPU utilization of ASP.NET web sites. High CPU utilization was...

Author: ACE Team Date: 08/11/2008

Meter This: Practical Application Of Power Drain Attack

Last week while feeding my caffeine addiction I came across an article in the New York Times titled...

Author: ACE Team Date: 08/04/2008

Security Code Review – String Search Patterns For Finding Vulnerabilities In ASP.NET Web Application

"The hardest thing of all is to find a black cat in a dark room, especially if there is no...

Author: ACE Team Date: 07/24/2008

Application Security Development Lifecycle 5A: Is Threat Modeling Right For You?

Several enterprises are increasingly investing time and money in building application security tasks...

Author: ACE Team Date: 06/14/2008

Application Security Development Lifecycle 4: Finding the right security talent

After about an hour of nodding his head vigorously in agreement with some of our lessons learnt, my...

Author: ACE Team Date: 06/02/2008

How Microsoft IT does Secure Application Development: Webcast

Technorati Tags: Conference,SDLC,SDL,IT,ISV I will be discussing Microsoft IT's approach to secure...

Author: ACE Team Date: 05/27/2008

Using Threat Models Beyond the Design Stage

Threat Modeling is no longer the obscure magic is used to be. With the creation of tools like the...

Author: TheRockyH Date: 05/22/2008

Security priorities are changing for Canadian organizations

This is a link to an article I recently published through InterGovWorld.com in Canada....

Author: ACE Team Date: 05/19/2008

Increase the TCO, kill the project: An ad-hoc analogy

The other day I was subject to the assertion that the only asset an IT security organizations should...

Author: ACE Team Date: 05/15/2008

Application Security Development Lifecycle 3: Funding Models

Now that you've decided (or battled) to set up an application security program you realize that it...

Author: ACE Team Date: 05/08/2008

Front Range web application security summit in Denver

I will be speaking at the Front Range OWASP Conference (FROCo8) in Denver on June 10th. The focus of...

Author: ACE Team Date: 05/04/2008

Application Security Governance 2: Mandatory or Not?

Large enterprises tend to have a number of line of business (LOB) applications supporting business...

Author: ACE Team Date: 04/22/2008

IIS7 Admin Pack Offers Built In Performance Analysis Reports

Are you web developer building high traffic web site? Are you performance engineer that lives and...

Author: ACE Team Date: 04/21/2008

Improve .Net Applications Performance Effectively And Efficiently

How to anticipate or better off avoid performance related "surprises" during load and...

Author: ACE Team Date: 03/11/2008

Do You Really Need A Distributed Architecture?

Alik here. Does the question sound rhetoric to you? Do you think the answer is “Yes” by default...

Author: ACE Team Date: 02/14/2008

Generate Your Own Security Code Review Checklist Document Using Outlook 2007

Do you conduct security code reviews? - [Yes/No] Do you want to streamline the process of the...

Author: ACE Team Date: 01/16/2008

XSSDetect FAQ

Hi! This is Hassan Khan. As promissed, here the FAQs on XSSDetect: Q. What is XSSDetect?A. XSSDetect...

Author: ACE Team Date: 12/11/2007

Operation has timed out from class library in COM+

In a recent MS internal performance gig we encountered an interesting issue with the maxconnection...

Author: ACE Team Date: 11/06/2007

XSSDETECT: Analyzing Large Applications

XSSDetect is a static binary analysis tool. In the first step of analysis it reads target binaries...

Author: ACE Team Date: 10/24/2007

Update: Some details on how XSSDetect does dataflow analysis

Just a brief update, Hassan Khan one of the lead developers of XSSDetect and part of our ACE...

Author: ACE Team Date: 10/24/2007

XSSDetect Public Beta now Available!

One of the biggest, constant problems we've seen our enterprise customers deal with and we here at...

Author: ACE Team Date: 10/22/2007

ASP.NET ValidateRequest does not mitigate XSS completely

From Eugene Siu's blog:...

Author: ACE Team Date: 10/19/2007

Is Microsoft Office Isolated Conversion Environment(MOICE) mocha on ice?

From Eugene Siu's blog:...

Author: ACE Team Date: 10/19/2007

Given enough eyeballs all bugs are shallow: True or False?

From Eugene Siu's blog:...

Author: ACE Team Date: 10/11/2007

System.URI.AbsolutePath Vs Phishing Attack

From Eugene Siu's blog:...

Author: ACE Team Date: 10/10/2007

Web Service Security Guidance

From Eugene Siu's blog...

Author: ACE Team Date: 10/10/2007

Mark Curphey joins Microsoft's ACE Team

Mark joined ACE as of Oct. 1st and we're very glad to have him aboard! The following is a note from...

Author: ACE Team Date: 10/08/2007

More eyeballs for .Net Framework code

From Eugene Siu's blog Microsoft will open up source code of .Net Framework to the public. It allows...

Author: ACE Team Date: 10/04/2007

Silverlight security MSDN magazine article

I have submitted an article proposal to MSDN to write about Silverlight security with my buddy in...

Author: ACE Team Date: 09/21/2007

Just learned how to cross-post via MetaWeblog API

I work for ACE team, and want to cross-post from http://blogs.msdn.com/esiu to...

Author: ACE Team Date: 09/20/2007

ASP.NET File Upload: How to prevent network clogging

Denial of service is one of the threats that you need to consider while implementing file upload...

Author: ACE Team Date: 09/19/2007

AES Vs. 3DES block ciphers

Hi, I am Babur Butter and I am with the ACE Team. Advance Encryption Standard (AES) and Triple DES...

Author: ACE Team Date: 09/07/2007

Application Security Guidance - User and Password Management

Keeping the theme from last post, let us dig into how system designers can take advantage of simple...

Author: ACE Team Date: 08/16/2007

Threat Modeling – Sanity Check List

Hi, I am Sagar Joshi and I work with the ACE Services Team. There is a lot of awareness building...

Author: ACE Team Date: 05/01/2007

Application Security Guidance - Session Management

Hi, I am Ashish Popli and I work with the ACE Services Team. There is a lot of security review...

Author: ACE Team Date: 02/23/2007

Notes from the field - Crypto API for an enterprise customer

The Engagement Hi, I am Richard Lewis and I am back from executing a CryptoApi project for an...

Author: ACE Team Date: 02/20/2007

S E C U R E Acrostic

Seamless The more integration work that has to be done to get a component to work, the more...

Author: ACE Team Date: 02/09/2007

New addition to the ACE Team from India!

Hi there, I am Richard Lewis and am privileged to be part of the ACE Team at Microsoft. I am with...

Author: ACE Team Date: 01/25/2007

Microsoft Anti-Cross Site Scripting Library V1.5 is Released!

Hello, I wanted to announce that today the ACE and the ASP.NET team released V1.5 of the Anti-Cross...

Author: ACE Team Date: 11/20/2006

ACE's interview with Scoble on Channel 9 - part II & III now up

Hey Folks, part II and III of the Channel 9 interviews are up! You can check out part II here and...

Author: ACE Team Date: 10/29/2006

ACE Team's interview with Scoble on Channel 9 - pt 1

Well its been a while, but ACE's first video has hit Channel 9 today. If you'd like to see some of...

Author: ACE Team Date: 10/24/2006

ACE Services Drops Case Study Flick on Security Development Lifecycle for IT

Hello everyone, my name is Anmol Malhotra and I’m a Security Technologist with ACE [Application...

Author: ACE Team Date: 09/14/2006

Considering the performance impact of your test data source

Most automated tests require some form of data to be used within the tests. These are your test data...

Author: ACE Team Date: 07/17/2006

<Previous Next>