Browse by Tags - Systems, architecture and engineering solutions! - Site Home - MSDN Blogs

Systems, architecture and engineering solutions!

This site will do in depth analysis of subjects such as service oriented architecture, software engineering and technologies such as Exchange and Sharepoint.

Browse by Tags

Tagged Content List
  • Blog Post: 5 top links: Security in Windows 8

    Wow, Security in Windows 8 is going to move the needle. Here are 5 of the links I Protecting you from malware Protecting your digital identity Signing in with a picture password Optimizing picture password security (Keep your screen clean if you use this one!) http://code.msdn.microsoft...
  • Blog Post: 5 Links for Securing Silverlight

    When my page views are extremely positive, it is time to discuss security, why? Because security is always a way to drive the numbers down.  Let’s face it, no one wants to face the world of security or the discipline.  Tell a potential “partner” that you do software security and it is likely...
  • Blog Post: Free NSA Guidance for Addressing Malicious Code Risk and vocabulary list

    Yep, that’s NSA as in National Security Agency, and you don’t have to burn it after reading!  This is a great way to get up to speed on code risks.  Zoom over to GUIDANCE FOR ADDRESSING MALICIOUS CODE RISK (you tell it is serious because it is all caps) So act now for this publication paid...
  • Blog Post: OS Command Injection

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') See this previous blog for this subject: Software insecurity: Insecure Interaction Between Components So what is an “OS Command Injection”? (From: The software constructs all or part...
  • Blog Post: Software Insecurity: SQL Injection code example

    Code example of a bad example: SQL Injection using C# Code Snippet string userName = connection.getAuthenticatedUserName(); string query = "SELECT * FROM items WHERE owner = '" + userName + "' AND item = '" + ItemName.Text + "'" ; sda = new SqlDataAdapter...
  • Blog Post: Software Insecurity: Risky Resource Management

    The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources. CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-22 Improper Limitation of a Pathname to a Restricted...
  • Blog Post: Software insecurity: Insecure Interaction Between Components

    The top 6 software insecurities, with links. CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-79 Improper Neutralization of Input During Web Page Generation...
  • Blog Post: Costa Concordia: Mathematical Model of the Submarine

    Hopefully the Costa Concordia won’t become a submarine, but the only ready control system design document that I could find easily was from MIT. Multivariable control system design for a submarine The copy isn’t printable since the document was generated in 1976, here is the diagram...
  • Blog Post: Browser security: Chrome has the most security vulnerabilities

    Well, I did my occasional checking up on browser security over the past three months with the various browsers. Graphs and a better post can be seen at Jerry Nixon's blog, leave nice comments there, bad comments here. :) http://jerrytech.blogspot.com/2011/10/browser-security-vulnerabilities.html...
Page 1 of 1 (9 items)