Archives For Uncategorized

Yes, dear reader, I have been guilty of not informing you. Things are going so fast nowadays, I still feel a little dizzy.

First of all, I have to report two webcasts I participated to:

And finally, the last webinar, which is yet to come. It is a presentation on “The Need of Threat Modeling in a DevSecOps World”, and is part of the DevSecOps days, organized by the Software Engineering Institute of the Carnegie Mellon University. To see the full program and register, you can go to


I have to say this loud and clear: I love Troy Hunt blog!

You can find there some really funny yet scary stories about our times. In all the fantastic material you can find there, I have found particularly hilarious and troublesome a couple of articles about current practices around credential management. The first one is quite old, but its value has not diminished over the years : it is about password filtering and it introduces some nice examples about what you should not do.

The second article has just been published, and show some very bad practices about credential management.
I owe you a beer, Troy! 🙂

The Security Tools Product Group has just released a preview of the next version of the Threat Modeling Tool. It contains a load of usability improvements and a new template for Azure, developed by the Application Security Community within Microsoft Services, and in particular by the fine colleagues from the Global Delivery Team in Hyderabad.

You can find the announcement here.

Congratulations to the Security Tools Product Group, to the WW SDL Community and to the colleagues in the IGD Team!