February 2006 - Posts
I like this class library because it looks for "good things" and not "bad things." The most common method of mitigating XSS issues is to use functions like HtmlEncode that look for "bad things" and escape them. But this library does the right thing -
I was asked last week for a list of "drop-in-and-more-secure" replacements, created at Microsoft, for C/C++ functions and constructs. So here's a list: IntSafe (C safe integer arith library) SafeInt (C++ safe integer arith template class) Secure CRT (C
I've been using this for a few months now on my own machines, and on my wife's machine at home. The thing I love about it is it doesn't get in the user's way. It's not "in your face" - I really think users are sick and tired of dialog boxes that expect
Any federal document that contains words like Pulverize, Incinerate and Disintegrate always gets my attention! "NIST Special Publication Guidelines for Media Sanitization, Public Draft" at http://csrc.nist.gov/publications/drafts/DRAFT-sp800-88-Feb3_2006.pd
There has been plenty of literature written regarding integer arithmetic issues and security bugs. If you need a good refresher, I would urge you to read one or more of the following: Reviewing Code for Integer Manipulation Vulnerabilities Integer Handling
As you probably all know, David is a very good friend of mine and we have authored some popular security books together, and will probably write some more too (but that’s another story.) Some of you know that David left Microsoft to join Webroot in May