.NET Rocks! Thirty Years of Application Security with Michael Howard
14 snips
Aug 14, 2025 Michael Howard, a veteran at Microsoft and Senior Director in the Red Team, shares fascinating insights from over 30 years in application security. He delves into the evolution of security practices, emphasizing the importance of integrating security into development from the start. Michael discusses the arms race between attackers and defenders, explaining how the Red Team simulates real threats to bolster defenses. He also highlights the human factors in security vulnerabilities and the rising importance of AI-assisted measures to tackle evolving threats.
AI Snips
Chapters
Transcript
Episode notes
Red Team Acts Like Real Attackers
- Michael Howard describes the Microsoft Red Team as acting like real attackers to achieve objectives inside the company.
- He studies the attack path and converts findings into training and fixes for Microsoft.
Objective‑Driven Attacks Reveal Real Gaps
- Red teaming differs from penetration testing because it starts with objectives and hides actions inside the target environment.
- Red teams emulate attackers, obfuscate, and change course if detected to reveal real security gaps.
Tamper Tape Defense Backfires
- Michael recounts an ATM tamper‑tape example to show defensive thinking can be subverted.
- He used the defense itself to show how attackers can bypass or weaponize it.