The official blog of MSDN Magazine
Translate This Page
Translate this page
Don't Get Me Started
rich internet applications, RIA
Team Foundation Server
Team Foundation Service
Windows Phone 7
XNA Game Studio
Browse by Tags
Tagged Content List
alt.msdn – What Media Says on MS Development
Edd Morgan shows IronRuby interaction with POCOs and considerations to make this implementation run “on Rails.” Richard Campbell tells what .NET 4.0 does better than its previous versions regarding performance, thread management, and security, Glenn Block offers a primer on MEF for Visual Basic .NET...
14 May 2010
Thread Management and other CLR TidBits
Every month, the CLR team gives us insight into the core of managed code, .NET programming best practices, technologies underlying the CLR and .NET Framework, and other tips and suggestions. In the December 2008 issue of MSDN Magazine , Erika Fuentes and Eric Eilebrecht cover some common issues developers...
21 Nov 2008
Security Briefs: Threat Models Improve Your Security Process
It’s helpful to think about secure design from a more holistic perspective by using threat models to drive your security engineering process. In the November 2008 issue of MSDN Magazine , Michael Howard proposes using the threat model to help drive other SDL security requirements , primarily code review...
12 Nov 2008
Windows File And Registry Permissions
The basic security mechanism of Windows involves having a trusted system component check permissions and rights (AccessCheck) before an operation is allowed to proceed. In the November 2008 issue of MSDN Magazine , John R. Michener explains how to set values for the security settings on objects and how...
3 Nov 2008
Security Development Lifecycle for Agile Development
The concept of Agile security does not have to be a contradiction in terms. The Microsoft SDL team has defined a set of process improvements that increase security focus while respecting the need to release new code on an ultra-short timeline. In the November 2008 issue of MSDN Magazine , Bryan Sullivan...
31 Oct 2008
Service Station: Authorization In WCF-Based Services
Once you start adopting service-oriented principles for your distributed applications, you are crossing a security boundary for every service call you make. Windows Communication Foundation (WCF) provides powerful facilities for implementing authorization in your services. In the October 2008 issue of...
29 Oct 2008
Security Briefs: SDL Embraces The Web
The Security Development Lifecycle (SDL) team recently released details of the SDL process at microsoft.com/sdl . What you won't find in the publicly available SDL documentation is guidance specific to securing Web applications or online services. In the September 2008 issue of MSDN Magazine , Bryan...
24 Sep 2008
Foundations: Code Access Security in WCF
In the .NET Framework 3.5, WCF only allows a limited set of scenarios to execute in partial trust. Ideally, you would like to tap into the full power of WCF from distributed transactions to reliable calls to various security credential types without trading off CAS—that is, without resorting to full...
1 Aug 2008
Security Briefs: Approaches to Threat Modeling
There are many things called threat modeling. Rather than argue about which is "the one true way," a good practice is to consider your needs and what your skills, abilities, and schedules are, and then work with a method that's best for you. In the July 2008 issue of MSDN Magazine , Adam Shostack...
23 Jul 2008
Security: a One-Time Password Solution
Passwords can be a big security and manageability headache for enterprise IT administrators. Because passwords are cached on computer hard drives and stored on servers, they are susceptible to cracking. In the June 2008 issue of MSDN Magazine , Dan Griffin explains why one-time passwords (OTP) are an...
9 Jun 2008
Elevation PowerToys and other Security content in TechNet Magazine
Whether you’re a developer or an IT pro – or maybe your job involves a little of both – security is an ever-present concern. The June 2008 issue of our sister publication, TechNet Magazine , is focused on security issues. While I recommend reading the entire issue, here are two articles that are particularly...
30 May 2008
Security Briefs: Buffer overrun defenses in Visual C++
There are a number of reasons for the many buffer overruns in production C and C++ code. The languages provide direct access to vulnerable memory, but developers also make mistakes, and there have historically been few defenses offered by compilers. In the March 2008 issue of MSDN Magazine , Michael...
25 Mar 2008
Windows with C++: Windows Services Enhancements
Windows Vista and Windows Server 2008 bring some significant changes to services. Many of these features are focused on making it simpler to produce services that are more secure, but among the non-security-related service features are a few aimed at improving the overall responsiveness and reliability...
29 Feb 2008
Office Space: Security Programming in SharePoint 2007
You may already know the fundamentals of security programming with Windows and ASP.NET security, but how well do you know the security layer that Windows SharePoint Services 3.0 (WSS) adds on top? In the February issue of MSDN Magazine , Ted Pattison highlights some new security terms and concepts that...
11 Feb 2008
Trustworthy Computing: Lessons learned so far
"Five years ago, Bill Gates issued a memo to all Microsoft employees explaining the importance of building more secure software. Since then, many people across Microsoft have worked to improve the security of their products. In doing so, we've learned a lot about what it takes to build more secure software...
31 Oct 2007
Creating a Custom Fuzz Test Interface Provider
These days, fuzzing is most frequently used to validate file and network parsers - literally piping a random source of binary data into the parser and then seeing what happens. In the November issue of MSDN Magazine, Dan Griffin takes a look at the extensibility of Visual Studio 2005 Team Edition for...
29 Oct 2007
Code Reviews Help Find and Fix Vulnerabilities in Your Apps
Small coding errors can result in critical vulnerabilities that can compromise the security of not just entire systems, but even entire companies. Security vulnerabilities are not typically caused by a single error, but rather by a sequence of errors during the course of development: a coding error is...
26 Oct 2007
Analyze Crashes to Find Security Vulnerabilities in Your Apps
How can you make sure a crash in your program is not exploitable? The short answer is simple: assume every crash is exploitable and just fix it! In the November issue of MSDN Magazine, Adel Abouchaev , Damien Hasse , Scott Lambert , and Greg Wroblewski outline some best practices for analyzing program...
22 Oct 2007
November 2007 MSDN Magazine now online
The November 2007 issue of MSDN Magazine is now available online at http://msdn.microsoft.com/msdnmag/issues/07/11/default.aspx . November brings our 2007 Security Issue, featuring a range of security related topics from code review best practices to tools you can use for testing your apps more effectively...
12 Oct 2007
Foundations: Declarative WCF Security
In the August issue of MSDN Magazine, Juval Lowy presents a declarative security framework for Windows Communication Foundation (WCF) that makes security configuration closer to the simplicity you'll find in other aspects of WCF configuration. This declarative model is simple to use and minimizes the...
10 Aug 2007
Page 1 of 1 (20 items)
© 2014 Microsoft Corporation.
Privacy & Cookies