Michael Howard's Web Log

A Simple Software Security Guy at Microsoft!

February 2006 - Posts

Microsoft Anti-Cross Site Scripting Library V1.0 Available
I like this class library because it looks for "good things" and not "bad things." The most common method of mitigating XSS issues is to use functions like HtmlEncode that look for "bad things" and escape them. But this library does the right thing - Read More...
List of useful security libraries
I was asked last week for a list of "drop-in-and-more-secure" replacements, created at Microsoft, for C/C++ functions and constructs. So here's a list: IntSafe (C safe integer arith library); SafeInt (C++ safe integer arith template class); Secure CRT (C Read More...
Windows Defender Beta 2 is out!
I've been using this for a few months now on my own machines, and on my wife's machine at home. The thing I love about it is it doesn't get in the user's way. It's not "in your face" - I really think users are sick and tired of dialog boxes that expect Read More...
Pulverize, Incinerate and Disintegrate
Any federal document that contains words like: Pulverize, Incinerate and Disintegrate always gets my attention! "NIST Special Publication Guidelines for Media Sanitization, Public Draft" at http://csrc.nist.gov/publications/drafts/DRAFT-sp800-88-Feb3_2006.pd Read More...
Safe Integer Arithmetic in C
There has been plenty of literature written regarding integer arithmetic issues and security bugs. If you need a good refresher, I would urge you to read one or more of the following: Reviewing Code for Integer Manipulation Vulnerabilities Integer Handling Read More...
An Update on David LeBlanc
As you probably all know, David is a very good friend of mine and we have authored some popular security books together, and will probably write some more too (but that’s another story.) Some of you know that David left Microsoft to join Webroot in May Read More...