MSDN Magazine
Click to Rate and Give Feedback
Authors
 Michael Howard: MSDN Magazine Artic...
Popular Articles

Jason Clark

MSDN Magazine July 2003

...

Read more!

Here we introduce you to some of the concepts behind the new F# language, which combines elements of functional and object-oriented .NET languages. We then help you get started writing some simple programs.

Ted Neward

MSDN Magazine Launch 2008

...

Read more!

Jeff Prosise explains when it's better to use UpdatePanel and when it's better to use asynchronous calls to WebMethods or page methods instead.

Jeff Prosise

MSDN Magazine June 2007

...

Read more!

A Sidebar gadget is a powerful little too that's surprisingly easy to create. Get in on the fun with Donavon West.

Donavon West

MSDN Magazine August 2007

...

Read more!

Writing a Web application with ASP.NET is unbelievably easy. So many developers don't take the time to structure their applications for great performance. In this article, the author presents 10 tips for writing high-performance Web apps. The discussion is not limited to ASP.NET applications because they are just one subset of Web applications.

Rob Howard

MSDN Magazine January 2005

...

Read more!
Michael Howard rss

  • Trustworthy Computing: Lessons Learned from Five Years of Building More Secure Software
    Five years ago, Bill Gates issued a directive to enhance security across the board. Since then, many valuable lessons have been learned about building more secure software.
    Michael Howard - November 2007
  • Secure Habits: 8 Simple Rules For Developing More Secure Code
    Never trust data, model threats against your code, and other good advice from a security expert.
    Michael Howard - November 2006
  • How Do They Do It?: A Look Inside the Security Development Lifecycle at Microsoft
    In this article, Microsoft security expert Michael Howard outlines how to apply the Security Development Lifecycle to your own software development processes. He explains how you can take some of the lessons learned at Microsoft when implementing SDL and use them in your own development process.
    Michael Howard - November 2005
  • Attack Surface: Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users
    In this article, Microsoft security expert Michael Howard discusses the cardinal rules of attack surface reduction. His rules - reduce the amount of code executing by default, reduce the volume of code that is accessible to untrusted users by default, and limit the damage if the code is exploited - are explained along with the techniques to apply the rules to your code.
    Michael Howard - November 2004
  • Review It: Expert Tips for Finding Security Defects in Your Code
    Reviewing code for security defects is a key ingredient in the software creation process, ranking alongside planning, design, and testing. Here the author reflects over his years of code security reviews to identify patterns and best practices that all developers can follow when tracking down potential security loopholes. The process begins by examining the environment the code runs in, considering the roles of the users who will run it, and studying the history of any security issues the code may have had. After gaining an understanding of these background issues, specific vulnerabilities can be hunted down, including SQL injection attacks, cross-site scripting, and buffer overruns. In addition, certain red flags, such as variable names like "password", "secret," and other obvious but common security blunders, can be searched for and remedied.
    Michael Howard - November 2003
  • Security Tips: Defend Your Code with Top Ten Security Tips Every Developer Must Know
    There are many ways to get into trouble when it comes to security. You can trust all code that runs on your network, give any user access to important files, and never bother to check that code on your machine has not changed. You can run without virus protection software, not build security into your own code, and give too many privileges to too many accounts. You can even use a number of built-in functions carelessly enough to allow break-ins, and you can leave server ports open and unmonitored. Obviously, the list continues to grow. What are some of the really important issues, the biggest mistakes you should watch out for right now so that you don't compromise your data or your system? Security experts Michael Howard and Keith Brown present 10 tips to keep you out of hot water.
    Michael Howard and Keith Brown - September 2002
  • Security Briefs: Protecting Your Code with Visual C++ Defenses
    Michael Howard outlines some of the buffer overrun defenses available in Visual C++ 2005 and beyond.
    Michael Howard - March 2008
  • Security Quiz: Test Your Security IQ
    Our security experts present 10 vulnerable pieces of code. Your mission is to find the holes (a.k.a. bad security practices) in the code.
    Michael Howard and Bryan Sullivan - November 2008
  • Security Briefs: Threat Models Improve Your Security Process
    Using threat models to drive your security engineering process helps prioritize the code review, fuzz testing, and attack surface analysis tasks.
    Michael Howard - November 2008
Page view tracker