Source URL: https://techcommunity.microsoft.com/blog/microsoft-security-blog/14-secure-coding-tips-learn-from-the-experts-at-build/4407147
Source: Microsoft Security Blog
Title: 14 secure coding tips: Learn from the experts at Microsoft Build
Feedly Summary: At Microsoft Build 2025, we’re bringing together security engineers, researchers, and developers to share practical tips and modern best practices to help you ship secure code faster.
The post 14 secure coding tips: Learn from the experts at Microsoft Build appeared first on Microsoft Security Blog.
AI Summary and Description: Yes
**Summary:** The text discusses secure coding practices in the context of software development, particularly as artificial intelligence (AI) plays a larger role in the industry. It highlights the significance of security in coding and introduces multiple sessions at Microsoft Build 2025 focused on teaching developers how to implement secure coding techniques. Each session targets different aspects of security—from secure AI implementation to API security and Zero Trust principles.
**Detailed Description:**
The content emphasizes the growing importance of security in software development, driven by the integration of AI in various applications. The sessions featured at Microsoft Build 2025 are aimed at equipping developers with practical knowledge and tools to enhance security throughout the development lifecycle. Here are the key points elaborated:
– **Importance of Secure Coding:**
– Transition from simply writing clean code to prioritizing security as an essential requirement.
– Acknowledgment of AI’s growing role adds complexity to security practices.
– **Featured Sessions on Secure Coding:**
1. **Secure AI from the Start:**
– Focus on protecting intelligent apps from threats.
– Emphasis on Threat Modeling to assess security risks.
2. **Wisdom from the Past:**
– Review of secure coding evolution over 25 years.
– Insights from historical figures in secure coding.
3. **Lock Down the Data:**
– Introduction of Microsoft Purview APIs for data security and compliance.
4. **End-to-End Security Considerations:**
– Guidance on deploying complete secure AI applications covering identities and data management.
5. **Adversarial Testing and AI Red Teaming:**
– Use of tools to simulate attacks and automate security scanning.
6. **Building Security Agents:**
– Demonstrates the creation of agents using the Security Copilot for IT security workflows.
7. **Engineering System Security Enhancements:**
– Exploring security enhancements in Azure DevOps.
8. **Risk Identification Tools:**
– Hands-on session for employing Python-based risk identification for generative AI.
9. **API Security for AI:**
– Insight into API vulnerabilities specific to AI applications and mitigation strategies.
10. **Automated Access Management:**
– Automated processes for managing access of high-privilege users.
11. **Best Practices for Secure Business Applications:**
– Holistic approaches to security in business applications.
12. **Building Secure AI Agents with Zero Trust:**
– Implementation of Zero Trust principles in AI agent development.
13. **Secure Onboarding Practices:**
– Same as above (content appears duplicated).
14. **User-Friendly Security Practices:**
– Focus on mobile app design while maintaining robust security measures.
– **Learning Opportunities:**
– The sessions are designed for developers at all levels and promise actionable takeaways to enhance security from the ground up.
– Registration is encouraged for access to these invaluable insights at Microsoft Build 2025.
Overall, the text provides a comprehensive look at the necessity for security in current software development practices, especially as AI technologies evolve, highlighting key areas of focus that will resonate with security professionals.