Use the following best practices when dealing with the Windows registry. Use of registry reduces application portability. Therefore, use only if required. Don’t use the registry as a configuration trash–bin. Don’t store secrets in registry...

What really is code signing? At a high level, code signing allows you to generate a digital signature for the application binary and then provides a mechanism to carry the signature right to the end user. When the end user invokes the application, the...

Here's the abstract for a whitepaper I am beginning to write - Cryptography is increasingly emerging as an essential and must-have ammo in the arsenal of application designers and developers. Reliance on cryptography is a critical part of an application...

Symmetric key algorithms like 3DES, AES etc operate on blocks of input data. For this to happen, the length of the input data must be exactly equal to the block length or an integral multiple of the block length for that algorithm. For example, let us...

This article previously appeared at CodeProject.com Introduction Many applications require to create and maintain temporary files. Often these temporary files are created without the enduser knowing about the same. Security attacks realized due to...

Hi - I am Richard Lewis and am proud to have joined the ACE team at Microsoft. We are heavily into application security - that means we do security code reviews, application threat modeling and a host of allied services. I joined this team on the 15th...