Thursday, October 16, 2008

All you need to prepare for an Interview @ Microsoft

Click here for Microsoft Interview Questions Guide Website.

This web-site is organized into the following sections:

  • Microsoft Interview Process
  • HR Questions
  • Technical Questions
  • Puzzles/Riddles
  • Resume Tips and Template
  • Discuss
  • Question to Interviewer
  • Interview Tips

Microsoft releases Visual Studio plug-in to detect XSS in .NET code

XSSDetect is a static code analysis tool that helps identify Cross-Site Scripting security flaws found within Web applications. It is able to scan compiled managed assemblies (C#, Visual Basic .NET, J#) and analyze dataflow paths from sources of user-controlled input to vulnerable outputs. It also detects whether proper encoding or filtering has been applied to the data and will ignore such "sanitized" paths.
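As an added illustration (not XSSDetect's own code, and not from the original post), here is a toy version of the source-to-sink dataflow check the paragraph describes, run over a constructed list of statements. The statement form and the helper names are assumptions; the source, sink and encoder names follow ASP.NET conventions.

```python
from dataclasses import dataclass
from typing import List, Set

# Source, sink and encoder names follow ASP.NET conventions; the statement
# form below is an invented mini-IR, not what XSSDetect actually consumes.
SOURCES = {"Request.QueryString", "Request.Form", "Request.Cookies"}
SINKS = {"Response.Write", "Literal.Text"}
SANITIZERS = {"HttpUtility.HtmlEncode", "AntiXss.HtmlEncode"}

@dataclass
class Stmt:
    target: str        # variable receiving the result ("" for a sink call)
    func: str          # method or property producing the value
    args: List[str]    # variable names (or quoted literals) passed in

def find_xss_flows(stmts: List[Stmt]) -> List[str]:
    """Return sink calls reached by user input with no sanitizer on the path."""
    tainted: Set[str] = set()
    findings: List[str] = []
    for i, s in enumerate(stmts):
        if s.func in SOURCES:
            tainted.add(s.target)                 # user-controlled data enters
        elif s.func in SANITIZERS:
            tainted.discard(s.target)             # encoded: path is "sanitized"
        elif s.func in SINKS:
            if any(a in tainted for a in s.args):
                findings.append(f"stmt {i}: {s.func}({', '.join(s.args)})")
        elif any(a in tainted for a in s.args):
            tainted.add(s.target)                 # ordinary ops propagate taint
        else:
            tainted.discard(s.target)             # clean reassignment clears it
    return findings

# Constructed program: one flow that bypasses encoding, two that do not
SAMPLE = [
    Stmt("name", "Request.QueryString", ['"name"']),
    Stmt("greeting", "String.Concat", ['"Hello "', "name"]),
    Stmt("", "Response.Write", ["greeting"]),          # flagged
    Stmt("safe", "HttpUtility.HtmlEncode", ["name"]),
    Stmt("", "Response.Write", ["safe"]),              # ignored: encoded
    Stmt("name", "String.Empty", []),
    Stmt("", "Response.Write", ["name"]),              # ignored: reassigned clean
]

if __name__ == "__main__":
    for finding in find_xss_flows(SAMPLE):
        print("possible XSS:", finding)
```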

Difference between focusing on problems and focusing on solutions

Case 1 :
When NASA began launching astronauts into space, they found out that pens wouldn't work at zero gravity (ink won't flow down to the writing surface). To solve this problem, it took them one decade and $12 million. They developed a pen that worked at zero gravity, upside down, underwater, on practically any surface including crystal, and in a temperature range from below freezing to over 300 degrees C. And what did the Russians do...?? They used a pencil.

Case 2 :
One of the most memorable case studies on Japanese management was the case of the empty soapbox, which happened in one of Japan's biggest cosmetics companies. The company received a complaint that a consumer had bought a soapbox that was empty. Immediately the authorities isolated the problem to the assembly line, which transported all the packaged boxes of soap to the delivery department. For some reason, one soapbox went through the assembly line empty. Management asked its engineers to solve the problem. Post-haste, the engineers worked hard to devise an X-ray machine with high-resolution monitors manned by two people to watch all the soapboxes that passed through the line to make sure they were not empty. No doubt, they worked hard and they worked fast, but they spent a whopping amount to do so.

But when a rank-and-file employee in a small company was posed with the same problem, he did not get into complications of X-rays, etc., but instead came out with another solution. He bought a strong industrial electric fan and pointed it at the assembly line. He switched the fan on, and as each soapbox passed the fan, it simply blew the empty boxes out of the line.

The above two cases might be good examples for root cause analysis (find and remediate the root cause instead of addressing the symptoms).

Integrated Application Security into Software Development Life Cycle

Today I completed integrating security into the standard SDLC to prevent security bugs from appearing in released applications. The SEI CMMI Version 1.1, Maturity Level 5 process has been updated with security tests/tools/guidelines/templates to ensure application security is adequately covered and controls are effective throughout the development process. A brief summary is outlined here.

SDLC process phase: Requirements & Engineering Management

  • Entry criteria: Business Requirements; Constraints & assumptions; Use cases
  • Activities: Determine application risk rank; Identify key compliance objectives; Define secure integration with external systems
  • Deliverables: Security test strategy; Security integrated into the development process; Predictive Risk Ranking
  • Tools: Security consultant; Security Requirements Review Checklist
  • Exit: Test strategy approved
  • Responsibility: Project Team & Security Team

SDLC process phase: Architecture & Design

  • Entry criteria: Security requirements; High Level Architecture/Design Document
  • Activities: Create threat model; Review/modify security requirements; Architecture & Design Review
  • Deliverables: Threat model; Security requirements in all defined components; Architecture & Design Review Report
  • Tools: Threat Model Tool; Architecture & Design Review Checklist
  • Exit: No Sev 1 & Sev 2 issues exist
  • Responsibility: Project Team & Security Team

SDLC process phase: Coding & Unit Testing

  • Entry criteria: Threat model; High Level/Low Level Architecture, Design Documents
  • Activities: Security development/coding guidelines/best practices; White Box Review & Host review; Static code analyzer
  • Deliverables: White Box Review Report & Sign off
  • Tools: Static Code Analyzer; Security Development Guidelines
  • Exit: No Sev 1 & Sev 2 issues exist
  • Responsibility: Project Team & Security Team

SDLC process phase: Integration & Testing

  • Entry criteria: White Box test results
  • Activities: Automated Application Assessment; Manual/Automated penetration testing
  • Deliverables: Black Box Review Report & Sign Off
  • Tools: Automated security tool
  • Exit: No Sev 1 & Sev 2 issues exist
  • Responsibility: Project Team & Security Team

Wednesday, October 15, 2008

Cross-site scripting

Introduction

Websites today are more complex than ever, containing a lot of dynamic content that makes the experience more enjoyable for the user. Dynamic content is achieved through the use of web applications which can deliver different output to a user depending on their settings and needs. Dynamic websites suffer from a threat that static websites don't, called "Cross Site Scripting" (or XSS, as other security professionals dub it). Currently small informational tidbits about Cross Site Scripting holes exist, but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention.


"What is Cross Site Scripting?"

Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website or instant message, or simply while reading a web board or email message. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request looks less suspicious to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner that makes it appear to be valid content from the website. Many popular guestbook and forum programs allow users to submit posts with HTML and JavaScript embedded in them. If for example I was logged in as "john" and read a message by "joe" that contained malicious JavaScript in it, then it may be possible for "joe" to hijack my session just by my reading his bulletin board post. Further details on how attacks like this are accomplished via "cookie theft" are explained in detail below.
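An added example, not from the original FAQ: the guestbook scenario above rendered the vulnerable way and with output encoding applied, plus the reflected (link-parameter) variant and a crude check that the encoded output carries no live script tag. The post contents and the function names are constructed for this illustration.

```python
import html

# Constructed sample: a forum post whose body carries script, as in the
# "john reads joe's post" scenario (a harmless alert stands in for the payload)
POST = {"author": "joe",
        "body": 'Nice site! <script>alert("joe was here")</script>'}

def render_unsafe(post: dict) -> str:
    # Vulnerable: untrusted fields are concatenated straight into the HTML
    return f'<div class="post"><b>{post["author"]}</b>: {post["body"]}</div>'

def render_safe(post: dict) -> str:
    # Hardened: every untrusted field is HTML-encoded for the HTML-body
    # context, so <, >, &, " and ' become entities and cannot open a tag
    return ('<div class="post"><b>%s</b>: %s</div>'
            % (html.escape(post["author"], quote=True),
               html.escape(post["body"], quote=True)))

def search_page(query: str, encode: bool = True) -> str:
    # Reflected variant: a query parameter taken from the clicked link is
    # echoed back to the same user. The rule is the same: encode at output.
    shown = html.escape(query, quote=True) if encode else query
    return f"<p>Results for: {shown}</p>"

def has_live_script(rendered: str) -> bool:
    # Crude check used only to show the difference: an unencoded <script
    # opener surviving into the output is what the browser would execute
    return "<script" in rendered.lower()

if __name__ == "__main__":
    print("unsafe :", render_unsafe(POST))
    print("safe   :", render_safe(POST))
```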

"What does XSS and CSS mean?"

Often people refer to Cross Site Scripting as CSS. There has been a lot of confusion with Cascading Style Sheets (CSS) and cross site scripting. Some security people refer to Cross Site Scripting as XSS. If you hear someone say "I found a XSS hole", they are talking about Cross Site Scripting for certain.

Internet bots

Internet bots, also known as web robots, WWW robots or simply bots, are software applications that run automated tasks over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. The largest use of bots is in web spidering, in which an automated script fetches, analyses and files information from web servers at many times the speed of a human. Each server can have a file called robots.txt, containing rules for the spidering of that server that the bot is supposed to obey.

In addition to their uses outlined above, bots may also be implemented where a response speed faster than that of humans is required (e.g., gaming bots and auction-site robots) or less commonly in situations where the emulation of human activity is required, for example chat bots.

Bots are also being used as organization and content access applications for media delivery. Webot.com is one recent example of utilizing bots to deliver personal media across the web from multiple sources. In this case the bots track content updates on host computers and deliver live streaming access to a browser based logged in user.

These chatterbots may allow people to ask questions in plain English and then formulate a proper response. These bots can often handle many tasks, including reporting weather, zip-code information, sports scores, converting currency or other units, etc. Others are used for entertainment, such as SmarterChild on AOL Instant Messenger and MSN Messenger and Jabberwacky on Yahoo! Messenger. Another popular AIM bot is FriendBot.

An additional role of IRC bots may be to lurk in the background of a conversation channel, commenting on certain phrases uttered by the participants (based on pattern matching). This is sometimes used as a help service for new users, or for censorship of profanity.

AOL Instant Messenger has now introduced a feature that allows you to turn a screen name into a bot. This new feature removes the rate limit on the screen name; however, the screen name is then limited in the number of instant messages that can be sent and received.

Tuesday, October 7, 2008

Difference between http:// and https://

The main difference between http:// and https:// is all about keeping you secure.

HTTP stands for HyperText Transfer Protocol, which is just a fancy way of saying it's a protocol (a language, in a manner of speaking) for information to be passed back and forth between web servers and clients.

The important thing is the letter S which makes the difference between HTTP and HTTPS.

The S (big surprise) stands for "Secure".

If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://.

This means that the website is talking to your browser in the regular, unsecured form. In other words, it is possible for someone on the network path to "eavesdrop" on your computer's conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.

This is why you never ever enter your credit card number in an http website!

But if the web address begins with https://, that basically means your computer is talking to the website over an encrypted connection, so someone listening on the network cannot read what is sent. Note that https protects the data in transit; it does not by itself tell you whether the site at the other end is trustworthy.

You understand why this is so important, right?

If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://.

If it doesn't, there's no way you're going to enter sensitive information like a credit card number!

Backup your computer

It’s an essential task for any computer user, but it’s also pretty intimidating for most. Here’s a simple guide to backing up the data on your computer.

There are many reasons why you should back up your computer—possibilities of hard disk corruption or crash due to malicious programs or technical faults, accidents such as fires or thefts, and so on. However, for most users, a ‘backup’ is either inessential or too technical. It needn’t be either of these; here are guidelines you could follow to make backing up a routine task.

What to back up
You should back up data that cannot be replaced easily, balancing this with the need to keep backup sizes within reasonable control. If you have hundreds of gigabytes of music, it may not be possible to back up all of it within reasonable costs.

You could decide to back up your work-related files, Internet downloads that you’ve paid for, photographs, music that you’ve purchased from the Internet, any financial records, your Outlook Address Book and so on.

Once you decide what you would like to back up, you can estimate the amount of storage space you would need for this. The estimate should also include the possibility of data growth in future. The amount of storage space you need will help you decide where you would create your backups.

Where to back up
A backup should ideally be created on a separate hard disk or at least a separate hard-disk partition. You could also take backups on Zip drives, CDs or DVDs, or even USB pen drives. Remember that taking backups is a regular task, so you need adequate space for them. If you decide to back up to removable media like CDs or DVDs, remember to buy RW discs, so that you can update your backups by erasing the older ones and burning the new ones.

Another way of taking backups is to do it online. Here, you connect to a website, such as Xdrive, which gives you a backup utility that creates your backup, compresses it, encrypts it, and then transfers it to a third-party location. You can connect to this location to view or update your backups, when your system information or data changes. Online backups have the advantage that your data is stored in two separate locations—your PC and a remote location.

CD-RWs and DVD-RWs are relatively inexpensive. Moreover, a CD-RW can store up to 700 MB of data, while a DVD-RW can store a few GB. However, you need to check that your PC comes with the appropriate drive for the media you want to use. Otherwise, you’ll need to invest in the drive as well. Most USB drives can hold up to 2 GB of data and are not too expensive, but due to their small size, are easy to misplace. Zip drives and disks are relatively expensive, but usually come with backup software that helps in taking backups.

How to back up
There are many ways of taking backups. Windows XP and Vista come with backup utilities. In Windows XP, this is available under Start > All Programs > Accessories > System Tools. In Windows Vista, go to Start > Control Panel > System and Maintenance > Back up your computer.

If you don’t have the backup utility in Windows, you can install it from the CD. Apart from the Windows utilities, you can also use any of the numerous free backup utilities that are available online. Only remember to download these from trusted sites, such as download.com.

Backup utilities take you through the process of backing up—choosing what to back up, where to back up, creating the backup, usually with compression so that more data can be stored. You can also create a backup schedule with the utility.

If the data you want to back up is not too large in size, you can create manual backups. Go to the folder that you want to back up, copy it and paste it to the location or disc where you want to create the backup.

You can also create an image of your hard disk by using utilities meant for this, so that your system can be restored to its current state in case of a crash. Several free utilities are available for this as well.

You’ll need to back up regularly, especially those parts of your essential data that change frequently. You can do this manually if the data isn’t too large, or use the backup utility all over again.
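An added example, not from the original post: a small Python routine for the regular, manual style of backup described above. It mirrors a folder to a backup location, copies only files that are new or changed, and verifies each copy by hash; `demo_run()` builds a constructed scenario in a temporary directory, and all function names are my own.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def needs_copy(src: Path, dst: Path) -> bool:
    # Copy when the backup lacks the file or its size/modification time differ
    if not dst.exists():
        return True
    s, d = src.stat(), dst.stat()
    return s.st_size != d.st_size or int(s.st_mtime) != int(d.st_mtime)

def backup_tree(source, backup) -> dict:
    """Mirror `source` into `backup`, copying only new or changed files."""
    src_root, dst_root = Path(source), Path(backup)
    copied, skipped, failed = 0, 0, []
    for src in src_root.rglob("*"):
        if not src.is_file():
            continue
        dst = dst_root / src.relative_to(src_root)
        if not needs_copy(src, dst):
            skipped += 1
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)            # copy2 keeps the modification time
        copied += 1
        if sha256_of(src) != sha256_of(dst):
            failed.append(str(src))       # verify the copy really matches
    return {"copied": copied, "skipped": skipped, "failed": failed}

def demo_run() -> list:
    """Constructed scenario: first backup, unchanged re-run, then a changed file."""
    root = Path(tempfile.mkdtemp())
    src, bak = root / "src", root / "bak"
    (src / "docs").mkdir(parents=True)
    (src / "docs" / "notes.txt").write_text("first draft")
    results = [backup_tree(src, bak), backup_tree(src, bak)]
    (src / "docs" / "notes.txt").write_text("second, longer draft")
    results.append(backup_tree(src, bak))
    shutil.rmtree(root)
    return results

if __name__ == "__main__":
    for result in demo_run():
        print(result)
```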

CPU inside the Keyboard

CPU inside the keyboard

Mic in a keyboard

Inside the PC


Westerner vs Asian: a comparison

Blue --> Westerner

Red --> Asian

Opinion

http://www.nilandnilu.uni.cc/

B:
Talk to the point
R:
Talk around the circle, especially if different opinions

Way of Life


B:
individualism, think of himself or herself.

R:
enjoy gathering with family and friends, solving their problems, and know each other's business (keh poh).

Punctuality


B: on time.

R: in time.


Contacts


B:
Contact to related person only

R:
Contact everyone everywhere, business very successful.

Anger


B:
Show that I am angry.

R:
I am angry, but still smiling... (beware!)

Queue when Waiting


B:
Queuing in an orderly manner

R:
Queuing?! What's that?

Sundays on the Road


B:
Enjoy weekend relaxing peacefully.

R:
Enjoy weekend in crowded places, like going to the mall.

Party


B:
Only gather with their own group.

R:
All focus on the one activity that is hosted by the CEO.

In the restaurant


B:
Talk softly and gently in the restaurant.

R:
Talk and laugh loudly like they own the restaurant.

Travelling


B:
Love sightseeing and enjoy the scenery.

R:
Taking pictures is the most important; the scenery is just the background.

Handling of Problems

B:
Take any steps to solve the problems.


R:
Try to avoid conflicts and, if possible, don't leave any trail.


Three meals a day


B:
One good meal a day is sufficient.

R:
At least 3 good meals a day.

Transportation


B:
Used to drive cars; now cycle for environmental protection.

R:
Used to have no money and ride a bike; now have money and drive a car.

Elderly in day to day life


B:
When old, there is Snoopy for companionship.

R:
When old, guaranteed not to be lonely, as long as willing to baby-sit the grandkids.

Moods and Weather


B:
The logic is, rain is pain.

R:
The more the rain, the more the prosperity.

The Boss


B:
The boss is part of the team.

R:
The boss is a fierce god.

What's Trendy


B:
Healthy Asian cuisine.

R:
Expensive Western cuisine.

The Child


B:
The kid is going to be independent and make his/her own living.

R:
Work and live all for the kids, who are the centre of life.