Application Security - each one, teach one

Richard Lewis' application security notes for the software designer, developer and tester

January 2007 - Posts

Writing to Registry? Some best-practices...
Use the following best practices when dealing with the Windows registry. Use of the registry reduces application portability; therefore, use it only if required. Don’t use the registry as a configuration trash bin. Don’t store secrets in the registry. Encrypt application Read More...

by richardl | 4 Comments

Code signing mini-FAQ
What really is code signing? At a high level, code signing allows you to generate a digital signature for the application binary and then provides a mechanism to carry the signature right to the end user. When the end user invokes the application, the Read More...

by richardl | 2 Comments

Cryptography Cognizance for Application Designers and Developers
Here's the abstract for a whitepaper I am beginning to write - Cryptography is increasingly emerging as an essential and must-have ammo in the arsenal of application designers and developers. Reliance on cryptography is a critical part of an application’s Read More...

by richardl | 1 Comments

Understanding 'padding' in symmetric key cryptography
Symmetric key algorithms like 3DES, AES, etc. operate on blocks of input data. For this to happen, the length of the input data must be exactly equal to the block length or an integral multiple of the block length for that algorithm. For example, let us Read More...

by richardl | 5 Comments

Temporary file generation and usage best practices
This article previously appeared at CodeProject.com. Introduction: Many applications need to create and maintain temporary files. Often these temporary files are created without the end user knowing about them. Security attacks realized due to insecure Read More...

by richardl | 2 Comments

Welcome
Hi - I am Richard Lewis and am proud to have joined the ACE team at Microsoft. We are heavily into application security - that means we do security code reviews, application threat modeling and a host of allied services. I joined this team on the 15th Read More...

by richardl | 0 Comments

© 2009 Microsoft Corporation. All rights reserved.