Vineet Batta here, A little known but excellent features of ASP.NET is it’s ability to give support teams the ability to monitor the health of ASP.NET applications. In this article I will dwell on out of box features. No custom classes or code to be written...

Hi, Ch etan Bhat here. I’m a developer with the Security Tools Team. In this post I will talk about common mistakes developers make when when using hash functions. Any hash function is required to meet the following two requirements. It must be easy to...

Hi this is Marius Grigoriu, Program Manager of Risk Tracker and our BI system--which will both be introduced at a later time. Today I am going to share how I track and manage projects and requirements. Both my teams are Agile teams and use product backlogs...

RV here... Cascading Style Sheets provide developers ways to change the UI theme of a website and this provides many opportunities for malicious users to change the UI if the application uses dynamic data inside style tags or in HTML style attributes...

Hi Vamsy here. I am a Developer in Information Security Tools Team. I have done some work on automating Windows Firewall settings using C# and wanted to share what I learnt. In this post, I am going to demonstrate how to programmatically access the following...

RV here... The Lightweight Directory Access Protocol (LDAP) API provides a mechanism for connecting to, searching, and modifying internet directories. A LDAP (Lightweight Directory Access Protocol) injection attack exploits vulnerabilities in input validation...

Kathy Shieh here. I am the dev lead for the Information Security Tools team in the US. Visual Studio Team Foundation server (VSTF)  provides a pretty good GUI interface for security management. Within the VSTF UI you can create custom roles, manage...

Vineet  Batta here again… Some time back one of our applications was released into production and since the application data was HBI  we were required to protect data both in a rest and a transit. For transit we enabled SSL, that is the link...

Vineet Batta here….This is a short introduction to the Application Portfolio Management (APM) component of the Connected Information Security Framework or CISF that we hope to reach the CTP milestone in next 2-3 weeks.  The APM component is designed...

Gaurav Sharma here, I’m a developer with the Information Security Tools team. Today I want to share something about FCL’s GetHashCode method. System.Object provides a virtual GetHashCode method so that an Int32 hash code can be obtained for any and all...