
Roger Halbheer

Job title:
Chief security advisor, Microsoft

Areas of expertise:
Policy, architecture, law enforcement, cybersecurity, processes

Biography:
Roger Halbheer joined Microsoft as Chief Security Advisor of Microsoft Switzerland in 2001 and was promoted to the role of Chief Security Advisor for Microsoft Europe, the Middle East and Africa (EMEA) in February 2007. Roger leads a team of national Chief Security Advisors across EMEA who work with organizations in the commercial and public sectors - including national governments, law enforcement and intelligence agencies - on information technology issues and strategies. He is a trusted advisor to C-level executives, governments and law enforcement agencies and has established relationships with security communities and government agencies across the region. Roger is a regular speaker at industry events and has worked with national and international print and broadcast media both to represent Microsoft and to provide expert comment on broader security issues. A Swiss national, Roger holds a Master of Computer Science degree from the Federal Institute of Technology in Zurich and is a Certified Information System Security Professional (CISSP). Before joining Microsoft, he was responsible for e-Business Risk Management at PricewaterhouseCoopers in Switzerland. He lives in Zurich and is married with two sons.

SANS Top 25 Most Dangerous Programming Errors – the same as very often…

I just worked my way through the list SANS published. Looking at the list, it is not surprising but scary to see which errors made it to the top of the list:

  1. Cross-site Scripting
  2. SQL Injection
  3. Classic Buffer Overflow
  4. Cross-Site Request Forgery
  5. Improper Access Control

It shows, as we often say, that the attacks have moved up the stack and that many of the challenges come from improperly written applications. So, if your organization is developing applications, you should start implementing a process like the Security Development Lifecycle. If you need more information about this, look at our website: Microsoft Security Development Lifecycle

Roger

Posted 17/02/2010 by Roger Halbheer

Tagged under: Cybercrime, Secure Development

RE: SANS Top 25 Most Dangerous Programming Errors – the same as very often…
Posted 19/02/2010 by Alex Clayton
I think that a big part of this problem is awareness. At a recent security conference one of the speakers was relaying a conversation he had with a senior programmer of high-profile and public websites. The conference speaker was amazed that the programmer was not aware of OWASP (http://www.owasp.org/index.php/Main_Page). If programmers are not educated in good security then they are not going to deliver secure applications. The organisation I work for has an application development "bible" that details all the requirements for building apps. There is a detailed security section, but we have tried to condense the main security requirements into a small collection of bullet points:

  - Minimise attack surface
  - Use defence in depth
  - Use least privilege
  - Employ secure defaults
  - Assume external systems are insecure
  - Fail to a secure mode
  - Don't depend on security through obscurity alone
  - Don't mix code and data
  - Don't invent cryptography
  - Don't trust user input
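The two errors at the top of the SANS list (Cross-site Scripting and SQL Injection) are the same mistake that the last bullet points above warn against: untrusted input pasted into code. The example below is added here and is not code from either post; it uses a constructed in-memory SQLite table and shows the "mixed" and the "separated" form of a database lookup and of an HTML greeting side by side.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data (not from the page): two users with roles."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user")])
    return con


def lookup_unsafe(con, name):
    """Code and data mixed: the caller's string becomes part of the SQL text,
    so a quote character in the input changes the meaning of the query."""
    sql = "SELECT role FROM users WHERE name = '%s'" % name
    return [row[0] for row in con.execute(sql)]


def lookup_safe(con, name):
    """Code and data separated: the query text is fixed and the value is
    bound as a parameter, so the input can only ever be compared as data."""
    sql = "SELECT role FROM users WHERE name = ?"
    return [row[0] for row in con.execute(sql, (name,))]


def greeting_unsafe(name):
    """Untrusted input placed straight into markup: the XSS pattern."""
    return "<p>Hello, %s</p>" % name


def greeting_safe(name):
    """Output encoding turns markup characters into inert entities."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def demo():
    """Run both forms on the textbook inputs and return the results."""
    con = make_db()
    sql_probe = "x' OR '1'='1"          # classic tautology from every SQLi tutorial
    html_probe = "<script>alert(1)</script>"
    return {
        "unsafe_rows": lookup_unsafe(con, sql_probe),   # every role leaks
        "safe_rows": lookup_safe(con, sql_probe),       # no such user: []
        "unsafe_html": greeting_unsafe(html_probe),     # script tag survives
        "safe_html": greeting_safe(html_probe),         # entities only
    }
```

Run `demo()` to see that the unsafe lookup returns every role in the table for an input that matches no user, while the safe one returns nothing, and that only the escaped greeting is free of a live script tag.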