Application Security - each one, teach one

Richard Lewis' application security notes for the software designer, developer and tester

IIS 6.0 General

For those of you who have heard a lot about IIS but have never got a chance to try it out, here's...

Author: RichardL2 Date: 04/12/2007

Lesser known feature of SSL validation overrides in .NET

During setup of an SSL connection, the client validates the server's digital certificate. This is...

Author: RichardL2 Date: 03/28/2007

Providing entry points for handling errors in VC++ 2005

The previous version of the C runtime had many flaws in its design. For example, the functions in...

Author: RichardL2 Date: 03/10/2007

My first assignment at Microsoft

I recently completed my first security assignment at Microsoft. The customer needed specific...

Author: RichardL2 Date: 03/01/2007

Writing to Registry? Some best-practices...

Use the following best practices when dealing with the Windows registry. Use of registry reduces...

Author: RichardL2 Date: 01/30/2007

Code signing mini-FAQ

What really is code signing? At a high level, code signing allows you to generate a digital signature...

Author: RichardL2 Date: 01/25/2007

Cryptography Cognizance for Application Designers and Developers

Here's the abstract for a whitepaper I am beginning to write - Cryptography is increasingly emerging...

Author: RichardL2 Date: 01/24/2007

Understanding 'padding' in symmetric key cryptography

Symmetric key algorithms like 3DES, AES, etc. operate on blocks of input data. For this to happen, the...

Author: RichardL2 Date: 01/22/2007

Temporary file generation and usage best practices

This article previously appeared at CodeProject.com. Introduction: Many applications need to create...

Author: RichardL2 Date: 01/22/2007

Welcome

Hi - I am Richard Lewis and am proud to have joined the ACE team at Microsoft. We are heavily into...

Author: RichardL2 Date: 01/22/2007