Author Archives: Kevin Lam

Kevin Lam, CISSP, has over 10 years of experience in information security and has been publicly recognized in 2008, 2009 and 2010 by companies such as Microsoft for his online security contributions and vulnerability research. In 2010 he was awarded a Developer Security Most Valuable Professional (MVP) award from Microsoft Corporation.

Prior to 2007, Kevin was a senior security team member at Microsoft Corporation. At Microsoft he was responsible for protecting and assessing (penetration testing, vulnerability research and application security code review) the security of high-value, highly targeted products, infrastructure and assets, as well as envisioning and delivering corporate security strategies. He was also a trusted security advisor and trainer to the executive and security teams of some of Microsoft’s largest customers on malicious hacker techniques, best practices and security strategies. Before Microsoft, Kevin was a lead penetration tester at a Big 4 audit firm where he led simulated malicious hacker attacks against Fortune 100 customer networks and trained other global security consultants.

Kevin is the lead author of the book Assessing Network Security (ISBN: 9780735620339), has contributed to several other books and has published several magazine and online articles. He was also responsible for releasing the initial two versions of the Microsoft Anti-Cross Site Scripting Library, which is used by enterprises world-wide to provide protection from the #1 online attack today.

Follow us on Twitter!

It’s been a while since the last post, but I am happy to report that things are really cranking behind the scenes here at Impacta. We’ll have some exciting service/product releases coming up soon that will really help our customers reduce their online risk.  You can follow us on Twitter if you have not already done [...]

WhiteHouse.Gov and NASDAQ.com Website Under Attack … What’s The Big Deal?

I was following some of the news stories on television (mostly pieces about the Michael Jackson memorial service, and the shape of the economy, etc.) when a news story broke out that the websites for the United States White House, several other government sites and the NASDAQ were under cyber attack! Allegedly the attacks were originating from Northern [...]

Impacta and Microsoft Corporation work together in May 2009 to protect online customers

Impacta was once again recognized by Microsoft Corporation in the month of May 2009 for helping them to find vulnerabilities in their online services and protecting their customers through responsible reporting. Check out Microsoft’s security researcher acknowledgement page for more information. –Kevin

Impacta and Microsoft Corporation work together in April 2009 to protect online customers

Once again, I am proud to announce that Impacta was recognized by Microsoft Corporation for helping them to find vulnerabilities in their online services and protecting their customers through responsible reporting for the month of April 2009. Check out Microsoft’s security researcher acknowledgement page for more information. –Kevin

Microsoft TechEd 2009 is Now A Wrap!

Microsoft TechEd 2009 is now a wrap!  My session took home some pretty high scores and from the looks of the evaluations so far at least within the top 10 in the security, identity and access tracks, possibly top 5! By this time next year, I am hopeful that one of the key preventative online risk technologies [...]

Death by Windows 2008 … Well Almost: ASLR is Bad News for Malicious Hackers

Not that ASLR is a brand new thing, but this was the first time that I’ve had to go head on against a defensive mechanism like this and it almost gave me a heart attack. Bad news for the real bad-guys, good news for the rest of us.  Bravo, nice work Microsoft!  Here’s what happened … [...]

TechEd 2009 SIA323: What Developers Can Do Today to Better Protect Their Applications from Malicious Attack

Even though I needed to spend Day 2 in my hotel room finishing a deliverable I have to tell you from my experience with Day 1 (05/11/09), Microsoft has definitely put on a great conference.  The talks that I’ve been to have been nothing short of top-notch and I am looking forward to heading back [...]

Impacta LLC and Microsoft Corporation work together in February 2009 to protect online customers

It’s a little late, but once again I am happy to announce that Impacta was acknowledged by Microsoft for helping Microsoft protect their customers by responsibly reporting vulnerabilities for the month of February 2009. Check out Microsoft’s security researcher acknowledgement page for more information.  –Kevin

Twitter Worm: How It Could Have Been Prevented

No doubt you may have already heard about the worm that hit the Twitter service over the weekend that affected 10,000+ tweets as reported on Twitter’s blog. According to the Puget Sound Business Journal, 17-year-old Michael “Mikeyy” Mooney from StalkDaily admitted to originating the attack. How could something like this have been prevented? More important, how could you [...]

Top Developer Security Pet Peeves, What Are Yours?

Hey everyone, looks like I’ll get the fabulous opportunity of presenting at this upcoming Microsoft TechEd 2009 North America developer track. The topic that I’ll be presenting on is tentatively the top things developers can do today to make their applications more secure and trustworthy. There will be demonstrations of today’s most common attack [...]