Can You Build Secure Solutions Built On Microsoft Core Technologies? presented at BlueHat 2006

by Alex Stamos (iSEC Partners), Scott Stender (iSEC Partners)

Tags: Security

Summary:
Windows developers depend on the core OS to provide a platform where their application's security assertions can be met. However, it is often the case that developers expect a core technology to provide one security assertion, when in fact it provides a whole set of unrelated assertions. Alex and Scott have found that many security flaws identified during Windows application penetration tests, both internal and external to Microsoft, are the result of a fundamental misunderstanding of a core security technology.
This talk covered the security technologies in Windows that Alex and Scott find are commonly used and, almost without exception, misused. From whether you really know that the machine you are talking to is your server, to whether your data packet is safe from tampering on the network, Alex and Scott discussed how to find out whether your application is making silly security assumptions or whether you have truly mitigated the risks against it.