{"id":25840,"date":"2025-05-15T10:36:12","date_gmt":"2025-05-15T18:36:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2025\/05\/15\/news-19560\/"},"modified":"2025-05-15T10:36:12","modified_gmt":"2025-05-15T18:36:12","slug":"news-19560","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2025\/05\/15\/news-19560\/","title":{"rendered":"14 secure coding tips: Learn from the experts at Microsoft Build"},"content":{"rendered":"

Credit to Author: Joey Snow| Date: Wed, 30 Apr 2025 18:00:00 +0000<\/strong><\/p>\n

Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn’t just a ‘nice-to-have’\u2014it’s a must. Whether you’re building web apps, working on cloud services, or adding AI to your projects, keeping your code safe is just as important as getting it out the door.<\/p>\n

At Microsoft Build 2025, we\u2019re bringing together some of the most influential security engineers, researchers, and developers to share practical tips and modern best practices to help you ship secure code \u2014 faster.<\/p>\n

Here are 14 quick secure coding tips that will make you a better, more security-savvy developer \u2014 and the security sessions @Build where you can learn more from the experts:<\/p>\n

\ud83c\udfaf 1. Secure AI from the start
Discover how to deliver intelligent apps without sacrificing security. This session covers how to protect against threats across code, secrets, dependencies, and even LLMs. Learn how to use Threat Modeling early in the product lifecycle to identify, assess and address security risks. You\u2019ll learn about developer-focused security tools to deploy with confidence without context switching.<\/p>\n

Learn more:<\/p>\n

Session: \u201cShift Left: Secure Your Code and AI from the Start\u201d
With Mark Russinovich, CTO, Deputy CISO and Technical Fellow, Microsoft Azure; Marcelo Oliveira, VP, Product Management, GitHub; Neil Coles, Principal Security Engineer
\ud83e\uddea 2. Use the Wisdom from the Past
Michael Howard – author of the original secure coding book back in 2003 and now a senior director in the Microsoft Red Team – reflects on 25 years of secure code, how the practice has developed and current challenges in secure development. Get ready for an end-to-end secure coding journey from Bill Gates anecdotes and tips for how you in 2025 can code securely to meet today’s security threats.<\/p>\n

Learn more:<\/p>\n

Session: \u201cReflections on 25 years of writing secure code\u201d
With Michael Howard, Senior Director, Red Team
\ud83d\udccf3. Lock down the data
Microsoft is releasing a set of Purview APIs (+SDK) that will allow partners and customers to integrate their custom AI apps with the Microsoft Purview ecosystem for enterprise grade Data Security and Compliance outcomes. Join this demo session to get the latest.<\/p>\n

Learn more:<\/p>\n

Session: \u201cBuild secure and compliant AI applications with Microsoft Purview\u201d
With Arpitha Dhanapathi, Principal Product Manager
\ud83d\udd1a4. Think about security from start to finish
Security can be challenging at the best of times, especially when it\u2019s not your full-time job. In this session, we walk you through the end-to-end deployment of a secure AI application, all the way from identities, VNETS, NSGs, key vault through to prompt shields and data labelling. If you\u2019ve ever felt overwhelmed by trying to do the right thing by security but didn\u2019t know where to start, this session is for you!<\/p>\n

Learn more:<\/p>\n

Session: \u201cDeploying an end-to-end secure AI application\u201d
With Sarah Young, Principal Security Advocate & Pamela Fox, Principal Cloud Advocate
\ud83e\udd16 5. Play dev-ils advocate
To keep pace with evolving AI risks, organizations need tools to effectively test their AI systems, simulate adversarial attacks, and uncover weaknesses before bad actors can exploit them. Learn how the AI Red Teaming Agent in Azure AI Foundry can help your organization run automated scans for safety risks so you can leverage Microsoft’s deep expertise to scale and accelerate your AI development with Trustworthy AI at the forefront.<\/p>\n

Learn more:<\/p>\n

Session: \u201cAccelerate AI red teaming for your GenAI apps with Azure AI Foundry\u201d
With Minsoo Thigpen, Senior Product Manager & Nagkumar Arkalgud, Senior Software Engineer
\ud83e\udd776. Skill up on agents
Agents\u2014they\u2019re all anyone is talking about. Join this demo session to learn how to extend security copilot to facilitate security and IT workflows across your environment. In this demo you will see how to build an agent with supporting components – plugins and KQL queries – and architect it with triggers to automatically run.<\/p>\n

Learn more:<\/p>\n

Session: \u201cBuilding Agents with Security Copilot\u201d
With Vinod Jagannathan, Principal Product Manager
\ud83d\udd107. Get the inside scoop first
One of the pillars of SFI is securing the engineering system. We will explore changes made to Azure DevOps to enable enhanced engineering system security at Microsoft and how customers can use them to better secure their own engineering systems as well.<\/p>\n

Learn more:<\/p>\n

Session: \u201cLearn How Microsoft secured the Engineering System\u201d
With Karl Piteira, Principal Group Program Manager & Rajesh Ramamurthy, Senior Director, Principal Group Product Management
\ud83d\udea98. Automate what you can
You don\u2019t have to wait to identify risks. The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI systems. In this hands-on lab, you will learn how to deploy PyRIT and test it against a variety of AI applications.<\/p>\n

Learn more:<\/p>\n

Session: \u201cAI security testing with PyRIT\u201d
With Roman Lutz, Responsible AI Engineer & Richard Lundeen, Principal Software Engineering Lead – AI Red Team
\u2699\ufe0f 9. Secure APIs
Join us for an engaging and informative session where we delve into the intricacies of API security in the context of AI. We’ll examine the unique challenges posed by AI-driven applications and the sophisticated threats that target their APIs. From unauthorized access and data breaches to injection attacks and exploitation of vulnerabilities, the risks are manifold. However, with the right approach, these risks can be effectively mitigated.<\/p>\n

Learn more:<\/p>\n

Session: \u201cFortifying AI Frontiers – Securing APIs the path to your AI app\u201d
With Abhi Singh, Director, Global Black Belt – Security\u202f& Preetham Anand Naik, Senior Product Manager
\ud83c\udd94 10. Verify explicitly, and automatically
We all know the saying, but we\u2019ve got to put it into practice. Join this session to learn how to enable automated processes to securely onboard and grant resource access for high-privilege users with the Microsoft Entra Suite and MS Graph. Verify the identities of admins, C-level employees, or others who need access to sensitive internet or on-premises resources, and automatically reverify them at regular intervals. Work with a chosen identity verification partner for government ID-based verification that ensures your organization onboards and grants access to the right person.<\/p>\n

Learn more:<\/p>\n

Session: \u201cSecure onboarding and access with the Microsoft Entra Suite\u201d
With Sri Ponnada, Senior Product Manager
\u270511. Apply best practices
Join us for an insightful session on best practices and enablement topics for developing and deploying secure solutions within Business Applications, as part of the Secure Future Initiative (SFI). We will look holistically at Power Platform features for Security under SFI pillars and explore Responsible AI with Purview and Copilot. We will further explore demos, design review checklists on product features under Secure by Design, Secure by Default, and Secure Operations for BizApps Solutions.<\/p>\n

Learn more:<\/p>\n

Session: \u201cBuilding Secure Business Apps: Best Practices for Design to Deployment\u201d
With Muhammad Aurangzeb, Senior Partner Solution Architect
\ud83d\udd76\ufe0f 12. Use agents for Zero Trust
In this session, you will learn how to build AI Agents using the OpenAI SDK with Assistants and Function Calling for APIs secured by Microsoft Entra ID. This ensures adherence to Zero Trust principles. We will cover the essential steps to set up and configure the OpenAI SDK in a C# environment and demonstrate how to leverage Microsoft Entra ID for secure authentication and authorization.<\/p>\n

Learn more:<\/p>\n

Session: \u201cBuilding Secure AI Agents with Microsoft Entra ID\u201d
With Fabian Alves, Senior Product Manager
\ud83d\ude36\u200d\ud83c\udf2b\ufe0f 13. Secure your apps, secure your people
Learn how to enable automated processes to securely onboard and grant resource access for high-privilege users with the Microsoft Entra Suite and MS Graph. Verify the identities of admins, C-level employees, or others who need access to sensitive internet or on-premises resources, and automatically reverify them at regular intervals. Work with a chosen identity verification partner for government ID-based verification that ensures your organization onboards and grants access to the right person.<\/p>\n

Learn more:<\/p>\n

Session: \u201cSecuring Applications with Microsoft Entra ID\u201d
With Robert Stewart, Senior Specialist
\ud83d\udcf2 14. Keep it user-friendly for the best results
In the rapidly evolving landscape of mobile application development, achieving pixel-perfect design and robust security is paramount. This lab focuses on the creation of mobile applications integrated via Native Authentication in Microsoft Entra External ID. Participants will explore the intricacies of designing visually precise user interfaces that align seamlessly with their brand while implementing native authentication methods, ensuring secure and efficient user verification processes.<\/p>\n

Learn more:<\/p>\n

Session: \u201cCreating pixel-perfect mobile apps with Native Authentication\u201d
With Joylynn Kirui, Senior Cloud Security Advocate
\ud83d\udcac Come Learn from the People Building the Future
Join these sessions and more at Microsoft Build 2025. Whether you’re a junior dev or a senior architect, you’ll walk away with real-world tactics to help you build apps that are secure, scalable, and resilient \u2014 by design.<\/p>\n

\ud83d\udc49 Register for Microsoft Build Security Sessions Now \u00bb<\/p>\n

The post 14 secure coding tips: Learn from the experts at Microsoft Build<\/a> appeared first on Microsoft Security Blog<\/a>.<\/p>\n

https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Joey Snow| Date: Wed, 30 Apr 2025 18:00:00 +0000<\/strong><\/p>\n

At Microsoft Build 2025, we\u2019re bringing together security engineers, researchers, and developers to share practical tips and modern best practices to help you ship secure code faster.<\/p>\n

The post 14 secure coding tips: Learn from the experts at Microsoft Build<\/a> appeared first on Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[],"class_list":["post-25840","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25840"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25840\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}