MSDN Magazine May 2007
View Complete Post
Cryptography Next Generation (CNG) is meant to be a long-term replacement for the CryptoAPI, providing replacements for all of the cryptographic primitives it offered.
MSDN Magazine July 2007
Why is a change to the Windows logon plug-in interface so exciting? Because with credential providers you can customize the logon experience for your users.
MSDN Magazine January 2007
Windows Communication Foundation provides three major protections- confidentiality, integrity, and authentication. This month Keith Brown explains what they can do for you.
MSDN Magazine August 2006
Building Web sites that provide services external to the corporate firewall is tricky. Usually it's not desirable to grant corporate domain accounts to external clients, and from a purely practical standpoint Kerberos does not work well over the Internet due to the typical configuration of client-side firewalls.
MSDN Magazine April 2003
MSDN Magazine May 2000
MSDN Magazine March 2000
We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.
Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.
Effectively managing user state in web applications can be a tricky balancing act of performance, scalability, maintainability and security. The security consideration is especially evident when you're managing user state stored on the client. Here's what you need to know about view state security.
MSDN Magazine July 2010
Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.
MSDN Magazine May 2010
Take a peek inside Microsoft's strict development security structure as Bryan Sullivan describes the objective security bug classification system?the "bug bar"?used by internal product and online services teams. He will show you how to incorporate this classification system into your own development environment using Microsoft Team Foundation Server 2010.
MSDN Magazine March 2010
Many companies starting out with the SDL are doing so in combination with a security compliance program. We'll show you some best practices and pitfall we've seen when employing SDL principles for compliance.
MSDN Magazine February 2010
Many early adopters cloud platforms have questions about security. We review some of the cryptography services and providers in Windows Azure along with some security implications for applications in the cloud.
MSDN Magazine January 2010
This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.
MSDN Magazine November 2009
In Part 2, the authors cover core OS Event Tracing for Windows (ETW) events as well as present simple scripts to demonstrate a few basic accounting techniques on some of the OS events introduced.
Alex Bendetov, Insung Park
MSDN Magazine October 2009
In the first article of a two-part series, the authors present a high-level overview of the ETW technology and core OS instrumentation.
MSDN Magazine September 2009
This article explores the use of threat modeling to address security concerns in your applications.
Even if you use only the most secure algorithms and the longest key lengths, there's no guarantee that the code you write today will remain secure. A better alternative is to plan for agility from the beginning. Rather than hard-coding specific cryptographic algorithms into your code, use one of the crypto-agility features built into the Microsoft .NET Framework. This article shows you how.
MSDN Magazine August 2009