MSDN Magazine

The official blog of MSDN Magazine

Browse by Tags

Tagged Content List
  • Blog Post: alt.msdn – What Media Says on MS Development

    Edd Morgan shows IronRuby interaction with POCOs and considerations to make this implementation run “on Rails.” Richard Campbell tells what .NET 4.0 does better than its previous versions regarding performance, thread management, and security, Glenn Block offers a primer on MEF for Visual Basic .NET...
  • Blog Post: Thread Management and other CLR TidBits

    Every month, the CLR team gives us insight into the core of managed code, .NET programming best practices, technologies underlying the CLR and .NET Framework, and other tips and suggestions. In the December 2008 issue of MSDN Magazine , Erika Fuentes and Eric Eilebrecht cover some common issues developers...
  • Blog Post: Security Briefs: Threat Models Improve Your Security Process

    It’s helpful to think about secure design from a more holistic perspective by using threat models to drive your security engineering process. In the November 2008 issue of MSDN Magazine , Michael Howard proposes using the threat model to help drive other SDL security requirements , primarily code review...
  • Blog Post: Windows File And Registry Permissions

    The basic security mechanism of Windows involves having a trusted system component check permissions and rights (AccessCheck) before an operation is allowed to proceed. In the November 2008 issue of MSDN Magazine , John R. Michener explains how to set values for the security settings on objects and how...
  • Blog Post: Security Development Lifecycle for Agile Development

    The concept of Agile security does not have to be a contradiction in terms. The Microsoft SDL team has defined a set of process improvements that increase security focus while respecting the need to release new code on an ultra-short timeline. In the November 2008 issue of MSDN Magazine , Bryan Sullivan...
  • Blog Post: Service Station: Authorization In WCF-Based Services

    Once you start adopting service-oriented principles for your distributed applications, you are crossing a security boundary for every service call you make. Windows Communication Foundation (WCF) provides powerful facilities for implementing authorization in your services. In the October 2008 issue of...
  • Blog Post: Security Briefs: SDL Embraces The Web

    The Security Development Lifecycle (SDL) team recently released details of the SDL process at microsoft.com/sdl . What you won't find in the publicly available SDL documentation is guidance specific to securing Web applications or online services. In the September 2008 issue of MSDN Magazine , Bryan...
  • Blog Post: Foundations: Code Access Security in WCF

    In the .NET Framework 3.5, WCF only allows a limited set of scenarios to execute in partial trust. Ideally, you would like to tap into the full power of WCF from distributed transactions to reliable calls to various security credential types without trading off CAS—that is, without resorting to full...
  • Blog Post: Security Briefs: Approaches to Threat Modeling

    There are many things called threat modeling. Rather than argue about which is "the one true way," a good practice is to consider your needs and what your skills, abilities, and schedules are, and then work with a method that's best for you. In the July 2008 issue of MSDN Magazine , Adam Shostack...
  • Blog Post: Security: a One-Time Password Solution

    Passwords can be a big security and manageability headache for enterprise IT administrators. Because passwords are cached on computer hard drives and stored on servers, they are susceptible to cracking. In the June 2008 issue of MSDN Magazine , Dan Griffin explains why one-time passwords (OTP) are an...
  • Blog Post: Elevation PowerToys and other Security content in TechNet Magazine

    Whether you’re a developer or an IT pro – or maybe your job involves a little of both – security is an ever-present concern. The June 2008 issue of our sister publication, TechNet Magazine , is focused on security issues. While I recommend reading the entire issue, here are two articles that are particularly...
  • Blog Post: Security Briefs: Buffer overrun defenses in Visual C++

    There are a number of reasons for the many buffer overruns in production C and C++ code. The languages provide direct access to vulnerable memory, but developers also make mistakes, and there have historically been few defenses offered by compilers. In the March 2008 issue of MSDN Magazine , Michael...
  • Blog Post: Windows with C++: Windows Services Enhancements

    Windows Vista and Windows Server 2008 bring some significant changes to services. Many of these features are focused on making it simpler to produce services that are more secure, but among the non-security-related service features are a few aimed at improving the overall responsiveness and reliability...
  • Blog Post: Office Space: Security Programming in SharePoint 2007

    You may already know the fundamentals of security programming with Windows and ASP.NET security, but how well do you know the security layer that Windows SharePoint Services 3.0 (WSS) adds on top? In the February issue of MSDN Magazine , Ted Pattison highlights some new security terms and concepts that...
  • Blog Post: Trustworthy Computing: Lessons learned so far

    "Five years ago, Bill Gates issued a memo to all Microsoft employees explaining the importance of building more secure software. Since then, many people across Microsoft have worked to improve the security of their products. In doing so, we've learned a lot about what it takes to build more secure software...
  • Blog Post: Creating a Custom Fuzz Test Interface Provider

    These days, fuzzing is most frequently used to validate file and network parsers - literally piping a random source of binary data into the parser and then seeing what happens. In the November issue of MSDN Magazine, Dan Griffin takes a look at the extensibility of Visual Studio 2005 Team Edition for...
  • Blog Post: Code Reviews Help Find and Fix Vulnerabilities in Your Apps

    Small coding errors can result in critical vulnerabilities that can compromise the security of not just entire systems, but even entire companies. Security vulnerabilities are not typically caused by a single error, but rather by a sequence of errors during the course of development: a coding error is...
  • Blog Post: Analyze Crashes to Find Security Vulnerabilities in Your Apps

    How can you make sure a crash in your program is not exploitable? The short answer is simple: assume every crash is exploitable and just fix it! In the November issue of MSDN Magazine, Adel Abouchaev , Damien Hasse , Scott Lambert , and Greg Wroblewski outline some best practices for analyzing program...
  • Blog Post: November 2007 MSDN Magazine now online

    The November 2007 issue of MSDN Magazine is now available online at http://msdn.microsoft.com/msdnmag/issues/07/11/default.aspx . November brings our 2007 Security Issue, featuring a range of security related topics from code review best practices to tools you can use for testing your apps more effectively...
  • Blog Post: Foundations: Declarative WCF Security

    In the August issue of MSDN Magazine, Juval Lowy presents a declarative security framework for Windows Communication Foundation (WCF) that makes security configuration closer to the simplicity you'll find in other aspects of WCF configuration. This declarative model is simple to use and minimizes the...
Page 1 of 1 (20 items)