Michael Howard outlines some of the buffer overrun defenses available in Visual C++ 2005 and beyond.
MSDN Magazine March 2008
Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.
MSDN Magazine May 2010
This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.
MSDN Magazine November 2009
The vast majority of managed applications run with full trust, but based on my experience teaching .NET security to developers with a broad range of experience, most really don't understand the implications of fully trusted code.
MSDN Magazine April 2004
Effectively managing user state in web applications can be a tricky balancing act of performance, scalability, maintainability and security. The security consideration is especially evident when you're managing user state stored on the client. Here's what you need to know about view state security.
MSDN Magazine July 2010
Take a peek inside Microsoft's strict development security structure as Bryan Sullivan describes the objective security bug classification system (the "bug bar") used by internal product and online services teams. He will show you how to incorporate this classification system into your own development environment using Microsoft Team Foundation Server 2010.
MSDN Magazine March 2010
Many companies starting out with the SDL are doing so in combination with a security compliance program. We'll show you some best practices and pitfalls we've seen when employing SDL principles for compliance.
MSDN Magazine February 2010
This article explores the use of threat modeling to address security concerns in your applications.
MSDN Magazine September 2009
Even if you use only the most secure algorithms and the longest key lengths, there's no guarantee that the code you write today will remain secure. A better alternative is to plan for agility from the beginning. Rather than hard-coding specific cryptographic algorithms into your code, use one of the crypto-agility features built into the Microsoft .NET Framework. This article shows you how.
MSDN Magazine August 2009
Listen in on a chat between a developer and security pro that delves into some of the major Security Development Lifecycle (SDL) requirements we impose on product teams here at Microsoft.
MSDN Magazine May 2009
In this installment we look at the Microsoft Chart Controls; Snippet Designer, a free add-in for Visual Studio 2008 for creating and editing Code Snippets; refactoring SQL applications; and this month's favorite blog.
MSDN Magazine April 2009
Learn the numerous ways in which you can rewrite URLs to defend against common Web vulnerabilities.
MSDN Magazine March 2009
The Security Development Lifecycle (SDL) threat modeling tool helps you develop great threat models as a backbone of your security process. We'll show you how it works.
MSDN Magazine January 2009
Using threat models to drive your security engineering process helps prioritize the code review, fuzz testing, and attack surface analysis tasks.
MSDN Magazine November 2008
In this installment we introduce you to new Web-oriented security guidance and tools straight from the Security Development Lifecycle (SDL) team at Microsoft.
MSDN Magazine September 2008
In this column the author outlines some approaches to threat modeling that can be employed by development teams of any size.
MSDN Magazine July 2008
This month's column continues the discussion around code access security in WCF and partially trusted services.