MSDN Magazine November 2006

We introduce you to the benefits of building composite applications with the Composite Application Guidance for WPF from Microsoft patterns & practices.

Glenn Block

MSDN Magazine September 2008

...

One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

Dan Griffin

MSDN Magazine May 2008

...

Paul DiLascia

MSDN Magazine August 2002

...

Read more!

November 2006

Secure Habits: 8 Simple Rules For Developing More Secure Code

Never trust data, model threats against your code, and other good advice from a security expert. Michael Howard

Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach

Whenever you build a new system you should consider how an in¬truder might go about attacking it and then build in appropriate defenses at design time. Shawn Hernan, Scott Lambert, Tomasz Ostwald, Adam Shostack

Single Sign-On: A Developer's Introduction To Active Directory Federation Services

Use Active Directory Federation Services to allow other organizations to use your Web applications without the need for you to grant access explicitly. Keith Brown

Smart Storage: Protect Your Data Via Managed Code And The Windows Vista Smart Card APIs

Smart cards are a compelling alternative to the reliance on passwords, which are the weakest link in authentication systems. Get the Windows smart card programming basics here. Dan Griffin

Extending SDL: Documenting And Evaluating The Security Guarantees Of Your Apps

In this article, the author presents an extension to the Security Development Lifecycle Which could promote a better flow of information between users and designers of software security features. Mark Novak

SQL Security: New SQL Truncation Attacks And How To Avoid Them

Exploits using SQL injection have drawn a lot of attention for their ability to get through firewalls and intrusion detection systems to compromise your data layers. Whether it's a first-order or second-order injection, if you look at the basic code pattern, it is similar to any other injection issue where you use untrusted data in the construction of a statement. Bala Neerumalla

(2196 KB)

Columns

Editor's Note: Healthy Printing Why we use the paper we do. Joshua Trupin	Toolbox: Synchronize Files, Rich Textboxes, and More Compare files and folders, create demo and support videos, add rich textboxes in your web apps, and more. Scott Mitchell	Basic Instincts: Server-Side Generation of Word 2007 Docs This month, Office Open XML, which allows ASP.NET and SharePoint developers to read, write, and generate Word, Excel, and PowerPoint documents on the server without running an Office desktop application there. Ted Pattison
Test Run: Using Excel For Test Data This month see how to use Excel for test automation storage, whether you’re just starting out with NET, or you’re an advanced programmer. Dr. James McCaffrey	Data Points: Revisiting System.Transactions The System.Transactions namespace of the Microsoft .NET Framework makes handling transactions much simpler than previous techniques. Read all about it this month. John Papa	CLR Inside Out: Investigating Memory Issues Memory issues can manifest in a wide variety of ways. This column shows you how to collect the data you need to determine what types of mem¬ory issues you are experiencing. Claudio Caldato and Maoni Stephens
Cutting Edge: A Tour of Windows Workflow Activities Windows Workflow Foundation supports virtually any scenario where human opera¬tors are involved. Learn how to use it to tame your workflows. Dino Esposito	Bugslayer: Minidumps for Specific Exceptions This installment of Bugslayer covers the use of ADPlus to create a minidump of your Microsoft .NET Framework 2.0 pro¬cesses on specific exceptions. John Robbins	Security Briefs: Limited User Problems and Split Knowledge Keith Brown
Concurrent Affairs: The ReaderWriterGate Lock Jeffrey Richter	.NET Matters: Event Accessors Creating events on classes by adding the event keyword to a delegate member variable declaration. Stephen Toub	Netting C++: Introducing Regular Expressions This month Stanley Lippman introduces the support for regular expressions in the .NET Framework. Stanley B. Lippman
{End Bracket}: Peripheral and Foveal Vision. Considering human visual fields in software design. Bill Hill