.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Security Briefs: Add a Security Bug Bar to Microsoft Team Foundation Server 2010

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

Take a peek inside Microsoft's strict development security structure as Bryan Sullivan describes the objective security bug classification system?the "bug bar"?used by internal product and online services teams. He will show you how to incorporate this classification system into your own development environment using Microsoft Team Foundation Server 2010.

Bryan Sullivan

MSDN Magazine March 2010

View Complete Post

More Related Resource Links

Security Briefs: Security in Windows Communication Foundation


Windows Communication Foundation provides three major protections- confidentiality, integrity, and authentication. This month Keith Brown explains what they can do for you.

Keith Brown

MSDN Magazine August 2006

ISA Server 2004: Developing an Application Filter for Microsoft Internet Security and Acceleration S


The beta version of Internet Security and Acceleration (ISA) Server 2004 is now publicly available. It includes a rich SDK with several extensibility mechanisms that allow third parties to integrate their specialized solutions on top of the ISA platform. In this article, the author explores the application filter extensibility mechanism, which enables you to add high-level application layer filtering capabilities to ISA Server and to provide rich content filtering solutions. He also highlights the new features of the ISA Server 2004 SDK, then moves on to describe how to develop a basic application filter that monitors all data going through the ISA Server, and how to integrate a filter into the ISA Server management console to create a seamless interface experience for your users.

Yigal Edery

MSDN Magazine March 2004

Security Briefs: Exploring S4U Kerberos Extensions in Windows Server 2003


Building Web sites that provide services external to the corporate firewall is tricky. Usually it's not desirable to grant corporate domain accounts to external clients, and from a purely practical standpoint Kerberos does not work well over the Internet due to the typical configuration of client-side firewalls.

Keith Brown

MSDN Magazine April 2003

Trouble With Team Foundation Server/Visual Studio 2010

Hi At work we are 2 guys on the same project. We both program in visual studio 2010. The other guy complains that he don't see my changes. I know this dude have already executed "Get Latest Version", despite that he don't get my changes. Some more information that may be relevant:Each time I've done some changes to the source code on my local computer, when I run the code breakpoints are not triggered. I get a message saying something about mismatch between different version of the source (or something like that, weeks sinece I saw that message). It's a while since I saw that message becasue I've found a work-around: Each time I've done changes tothe source code I do this:- Clean Solution- Rebuild (Release)- Rebuild (Debug) When I've done that I can see my own changes.. But the other guy have trouble with seeing my changes. I'm not sure how to fix it so that he see my changes. I checkin regulary so my changes should be available on the Team Foundation Server. Any help on this would be very helpful

Security Briefs: The MSF-Agile+SDL Process Template for TFS 2010

The MSF-Agile project template for Team Foundation Server makes it easy for your team to implement Agile techniques. The new MSF-Agile+SDL template adds Security Development Lifecycle requirements. We'll show you how it works.Bryan SullivanMSDN Magazine September 2010

System.TypeLoadException: Could not load type 'Microsoft.Office.Server.Security.LdapMembershipProvi

So this is odd, I am attempting to setup FBA with Sharepoint Foundation 2010 and i get the following Error: (from ULS log viewer): System.TypeLoadException: Could not load type 'Microsoft.Office.Server.Security.LdapMembershipProvider' from assembly 'Microsoft.Office.Server, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c'. at System.RuntimeTypeHandle._GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, Boolean loadTypeFromPartialName) at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) at System.RuntimeType.PrivateGetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) at System.Type.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) at System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) and in IIS Logs: Exception information:     Exception type: ConfigurationErrorsException     Exception message: Could not load type 'Microsoft.Off

moving Team Foundation Server 2010 site to SharePoint 2010 farm.....

What is the best way to move a Team Foundation Server site over to our SharePoint 2010 farm? Can someone please point me to some documentation on how? Thanks,

Security Briefs: View State Security


Effectively managing user state in web applications can be a tricky balancing act of performance, scalability, maintainability and security. The security consideration is especially evident when you're managing user state stored on the client. Here's what you need to know about view state security.

Bryan Sullivan

MSDN Magazine July 2010

Security Briefs: Regular Expression Denial of Service Attacks and Defenses


Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.

Bryan Sullivan

MSDN Magazine May 2010

Security Briefs: Security Compliance as an Engineering Discipline


Many companies starting out with the SDL are doing so in combination with a security compliance program. We'll show you some best practices and pitfall we've seen when employing SDL principles for compliance.

Brad Hill

MSDN Magazine February 2010

Security Briefs: XML Denial of Service Attacks and Defenses


This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.

Bryan Sullivan

MSDN Magazine November 2009

Security Briefs: A Follow-on Conversation about Threat Modeling


This article explores the use of threat modeling to address security concerns in your applications.

Michael Howard

MSDN Magazine September 2009

Security Briefs: Cryptographic Agility


Even if you use only the most secure algorithms and the longest key lengths, there's no guarantee that the code you write today will remain secure. A better alternative is to plan for agility from the beginning. Rather than hard-coding specific cryptographic algorithms into your code, use one of the crypto-agility features built into the Microsoft .NET Framework. This article shows you how.

Bryan Sullivan

MSDN Magazine August 2009

Security Briefs: A Conversation About Threat Modeling


Listen in on a chat between a developer and security pro that delves into some of the major Security Development Lifecycle (SDL) requirements we impose on product teams here at Microsoft

Michael Howard

MSDN Magazine May 2009

Security Briefs: Protect Your Site With URL Rewriting


Learn the numerous ways in which you can rewrite URLs to defend against common Web vulnerabilities.

Bryan Sullivan

MSDN Magazine March 2009

Security Briefs: Getting Started With The SDL Threat Modeling Tool


The Security Development Lifecycle (SDL) threat modeling tool helps you develop great threat models as a backbone of your security process. We'll show you how it works.

Adam Shostack

MSDN Magazine January 2009

Security Briefs: Threat Models Improve Your Security Process


Using threat models to drive your security engineering process helps prioritize the code review, fuzz testing, and attack surface analysis tasks.

Michael Howard

MSDN Magazine November 2008

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend