DEMO Process Explorer icacls Microsoft Developer Tour MSDev
- Slides: 55
DEMO Контроль целостности Process Explorer + icacls Microsoft Developer Tour #MSDev. Tour
Где хранятся Windows Store Apps? § C: Program FilesWindows. Apps § По умолчанию владелец файлов: Trusted. Installer
WSA Location + имя пользователя C: Program FilesWindows. Apps
DEMO App Container и Low Integrity Level Process Explorer + Broker
Zero day нашли?
Windows XP Internet Explorer 8 Windows 8 Internet Explorer 10 SEHOP Нет Да Protected Mode Нет Да Enhanced Protected Mode (EPM) Нет Да Virtual Table Guard Нет Да ASLR Ограничено Расширенный Stack randomization Нет Да Heap randomization Нет Да Image randomization Нет Да Force image randomization Нет Да Bottom-up randomization Нет Да Top-down randomization Нет Да High-entropy randomization Нет Да PEB/TEB randomization Да Да Heap hardening Ограничено Расширенный Header encoding Нет Да Terminate on corruption Нет Да Guard pages Нет Да Allocation randomization Нет Да Safe unlinking Да Да Header checksum Да Да /GS Да Да Enhanced GS Нет Да Safe SEH Да Да
DEMO EMET Microsoft Developer Tour #MSDev. Tour
Совет № 5 – Не давайте web контенту работать с Win. RT http: //code. msdn. microsoft. com/windowsapps/Mashup. Sample-10689 f 5 b
Совет № 6 – аутентифицируйте приложение и пользователя http: //code. msdn. microsoft. com/windowsapps/Web-Authentication-d 0485122 http: //code. msdn. microsoft. com/windowsapps/Password. Vault-f 01 be 74 a
WSA - работа с десктоп приложением Так делать не радо! Win. Clipboard – copy, paste, cut, move. 3. 1 Requirement “Your app may only depend on software listed in the Windows Store“. => DON’T use file or protocol association. § http: //iinspectable. wordpress. com/2013/03/08/inter-process-communication-with-file-association-inwinrt-part-2/
Рекомендуемые инструменты WACK - Windows App Certification Kit version 3. 1
Windows App Certification Kit
Wintellect Tool § Wintellect Tool - http: //wintellect. com/
Где научиться? www. microsoft. com/sdl www. Secunia. org The Simplified Implementation of the SDL Блог об SDL MSDN Windows 8 developer blog
Где научиться? § [HOLMES 2010]. Holmes, Graham. (2010, April 05). Cisco CSDL Announcement – http: //blogs. cisco. com/security/the_cisco_secure_development_lifecycle_an_overview/ § [LANE 2010]. Lane, Adrian. (2010, May 10). Fire. Starter: Secure Development Lifecycle – You’re Doing It Wrong. Securosis. Retrieved December 29 2010, from http: //securosis. com/blog/firestarter-secure-development-lifecycle-your-doing-it-wrong § [LADD 2010]. Ladd, David. (2010, May 11). “Do what Microsoft did, not what they do”. Retrieved December 29 2010, from http: //blogs. msdn. com/b/sdl/archive/2010/05/11/do-whatmicrosoft-did-not-what-they-do. aspx § [LARSON_LADD 2010]. Larson, Larry. Ladd, David. (2010, May 14). Security Talk: Simplified SDL with David Ladd. Channel 9. Retrieved December 29 2010, from http: //channel 9. msdn. com/Blogs/Larry. Larsen/Security-Talk-Simplified-SDL-with-David-Ladd
Контакты Бешков Андрей {Microsoft, CSS Security} abeshkov@microsoft. com; @abeshkov; блог Бешкова
- Shanghai world financial tour eiffel tours petronas
- Tour escort jobs
- Dangerous world tour setlist
- Demo.assetexplorer
- Asset explorer
- Asset explorer demo
- Msrds
- App builder certification microsoft
- Microsoft robotics developer studio tutorial
- Microsoft robotics studio
- Microsoft azure
- Microsoft bot demo
- Demo project server
- Exchange server demo
- Psern
- Microsoft official academic course microsoft word 2016
- Microsoft official academic course microsoft excel 2016
- Microsoft windows startwarren theverge
- Microsoft excel merupakan program aplikasi adalah
- Microsoft official academic course microsoft word 2016
- Autonomous benthic explorer
- Sentry plan explorer
- Juan rodriguez cabrillo was a portuguese-born explorer
- Pisa data explorer
- Earth system data explorer
- Internet explorer haqida malumot
- Jmp recode
- Corsmap
- Jmp functional data explorer
- Fcatexplorer
- European explorer map
- Apex locator mechanism
- Glovis earth explorer
- Windows 7 internet security settings
- Black hole explorer
- Explore with tom
- Biotechnology explorer gmo investigator kit
- Netscape navigator internet explorer
- Spec explorer
- Mozilla firefox safari
- Hdf explorer
- Hdf explorer
- Analyse internet explorer
- Browser trident
- Darwindumper
- Windows pe
- Landsat look viewer
- Boundary spanning leadership definition
- Swift gamma ray burst explorer
- Windows explorer
- Henry the navigator accomplishments
- Work interest explorer
- Windows explorer
- Iiasa scenario explorer
- Grammar explorer 3 answer key
- Thomas cook explorer