Nov 26, 2010 10:48 GMT  ·  By

Protecting sensitive information must be a priority for all customers, from end users to enterprises, and a new free resource from Microsoft is focused on helping customers secure their data.

A new Quick Security Reference dealing with Exposure of Sensitive Information is available for download, in addition to the previous two whitepapers offered by the software giant, on Cross-Site Scripting and SQL Injection.

The resource was put together by the Redmond company’s Security Development Lifecycle group and, like previous releases, it can be grabbed free of charge from the Microsoft Download Center.

“Accidental exposure of sensitive information is a common flaw criminals will look for when initiating attacks.

“This type of attack does not have a catchy acronym or get as much attention as some more popular classes of attacks.

“However, these flaws and the subsequent exposure of sensitive information are often canaries in the metaphorical software mine,” revealed Microsoft’s Jeremy Dallman.

The latest QSR released by Microsoft allows IT professionals to assess a range of criteria related to their organization’s sensitive information, including storage, protection, usage, etc.

At the same time, the paper is designed to detail the best practices that customers can embrace in order to prevent sensitive data leaks.

The Exposure of Sensitive Information Quick Security Reference enables companies to have a different perspective on business risk, robust design architectures, defenses, and validation of practices.

“Failure to protect sensitive data and the inadvertent exposure of that sensitive information is a rapidly growing problem facing many software development organizations including mature ones,” Dallman added.

“Attackers are finding ways to harvest valuable user information, launch direct attacks on systems, or use more sophisticated techniques based on accidentally exposed sensitive information.

“By better understanding these vulnerabilities that lead to inadvertent disclosure, one can more easily and efficiently deal with existing issues and implement ongoing solutions that help protect sensitive information and the users of that information.”