Edd Morgan shows IronRuby interaction with POCOs and considerations to make this implementation run “on Rails.” Richard Campbell tells what .NET 4.0 does better than its previous versions regarding performance, thread management, and security, Glenn Block offers a primer on MEF for Visual Basic .NET...

Every month, the CLR team gives us insight into the core of managed code, .NET programming best practices, technologies underlying the CLR and .NET Framework, and other tips and suggestions. In the December 2008 issue of MSDN Magazine , Erika Fuentes and Eric Eilebrecht cover some common issues developers...

It’s helpful to think about secure design from a more holistic perspective by using threat models to drive your security engineering process. In the November 2008 issue of MSDN Magazine , Michael Howard proposes using the threat model to help drive other SDL security requirements , primarily code review...

The basic security mechanism of Windows involves having a trusted system component check permissions and rights (AccessCheck) before an operation is allowed to proceed. In the November 2008 issue of MSDN Magazine , John R. Michener explains how to set values for the security settings on objects and how...

The concept of Agile security does not have to be a contradiction in terms. The Microsoft SDL team has defined a set of process improvements that increase security focus while respecting the need to release new code on an ultra-short timeline. In the November 2008 issue of MSDN Magazine , Bryan Sullivan...

Once you start adopting service-oriented principles for your distributed applications, you are crossing a security boundary for every service call you make. Windows Communication Foundation (WCF) provides powerful facilities for implementing authorization in your services. In the October 2008 issue of...

The Security Development Lifecycle (SDL) team recently released details of the SDL process at microsoft.com/sdl . What you won't find in the publicly available SDL documentation is guidance specific to securing Web applications or online services. In the September 2008 issue of MSDN Magazine , Bryan...

In the .NET Framework 3.5, WCF only allows a limited set of scenarios to execute in partial trust. Ideally, you would like to tap into the full power of WCF from distributed transactions to reliable calls to various security credential types without trading off CAS—that is, without resorting to full...

There are many things called threat modeling. Rather than argue about which is "the one true way," a good practice is to consider your needs and what your skills, abilities, and schedules are, and then work with a method that's best for you. In the July 2008 issue of MSDN Magazine , Adam Shostack...

Passwords can be a big security and manageability headache for enterprise IT administrators. Because passwords are cached on computer hard drives and stored on servers, they are susceptible to cracking. In the June 2008 issue of MSDN Magazine , Dan Griffin explains why one-time passwords (OTP) are an...

Whether you’re a developer or an IT pro – or maybe your job involves a little of both – security is an ever-present concern. The June 2008 issue of our sister publication, TechNet Magazine , is focused on security issues. While I recommend reading the entire issue, here are two articles that are particularly...

There are a number of reasons for the many buffer overruns in production C and C++ code. The languages provide direct access to vulnerable memory, but developers also make mistakes, and there have historically been few defenses offered by compilers. In the March 2008 issue of MSDN Magazine , Michael...

Windows Vista and Windows Server 2008 bring some significant changes to services. Many of these features are focused on making it simpler to produce services that are more secure, but among the non-security-related service features are a few aimed at improving the overall responsiveness and reliability...

You may already know the fundamentals of security programming with Windows and ASP.NET security, but how well do you know the security layer that Windows SharePoint Services 3.0 (WSS) adds on top? In the February issue of MSDN Magazine , Ted Pattison highlights some new security terms and concepts that...

"Five years ago, Bill Gates issued a memo to all Microsoft employees explaining the importance of building more secure software. Since then, many people across Microsoft have worked to improve the security of their products. In doing so, we've learned a lot about what it takes to build more secure software...

These days, fuzzing is most frequently used to validate file and network parsers - literally piping a random source of binary data into the parser and then seeing what happens. In the November issue of MSDN Magazine, Dan Griffin takes a look at the extensibility of Visual Studio 2005 Team Edition for...

Small coding errors can result in critical vulnerabilities that can compromise the security of not just entire systems, but even entire companies. Security vulnerabilities are not typically caused by a single error, but rather by a sequence of errors during the course of development: a coding error is...

How can you make sure a crash in your program is not exploitable? The short answer is simple: assume every crash is exploitable and just fix it! In the November issue of MSDN Magazine, Adel Abouchaev , Damien Hasse , Scott Lambert , and Greg Wroblewski outline some best practices for analyzing program...

The November 2007 issue of MSDN Magazine is now available online at http://msdn.microsoft.com/msdnmag/issues/07/11/default.aspx . November brings our 2007 Security Issue, featuring a range of security related topics from code review best practices to tools you can use for testing your apps more effectively...

In the August issue of MSDN Magazine, Juval Lowy presents a declarative security framework for Windows Communication Foundation (WCF) that makes security configuration closer to the simplicity you'll find in other aspects of WCF configuration. This declarative model is simple to use and minimizes the...