Security Briefs: MSDN Magazine Articles

MSDN Magazine

Printer Friendly Version

Send

MSDN

Developer Centers

MSDN Magazine

Home

Security Briefs: MSDN Magazine Arti...

Popular Articles

Ten Essential Tools: Visual Studio Add-Ins Every Developer Should Download Now

James Avery does it again with his popular list of developer tools. This time he covers the best Visual Studio add-ins available today that you can download for free.

James Avery

MSDN Magazine December 2005

...

Now you can perform efficient, sophisticated text analysis using regular expressions in SQL Server 2005.

David Banister

MSDN Magazine February 2007

...

Jason Clark

MSDN Magazine July 2003

...

Chris Tavares explains how the ASP.NET MVC Framework's Model View Controller pattern helps you build flexible, easily tested Web applications.

Chris Tavares

MSDN Magazine March 2008

...

Read more!

Data Points: Data Binding in WPF

WPF is one of the most important new technologies in the .NET Framework 3.0. This month John Papa introduces its data binding capabilities.

John Papa

MSDN Magazine December 2007

...

Read more!

MSDN Magazine: Security Briefs

All MSDN Magazine Columns

Security Briefs: A Conversation About Threat Modeling
Michael Howard - May 2009
Listen in on a chat between a developer and security pro that delves into some of the major Security Development Lifecycle (SDL) requirements we impose on product teams here at Microsoft
Security Briefs: Protect Your Site With URL Rewriting
Bryan Sullivan - March 2009
Learn the numerous ways in which you can rewrite URLs to defend against common Web vulnerabilities.
Security Briefs: Getting Started With The SDL Threat Modeling Tool
Adam Shostack - January 2009
The Security Development Lifecycle (SDL) threat modeling tool helps you develop great threat models as a backbone of your security process. We'll show you how it works.
Security Briefs: Threat Models Improve Your Security Process
Michael Howard - November 2008
Using threat models to drive your security engineering process helps prioritize the code review, fuzz testing, and attack surface analysis tasks.
Security Briefs: SDL Embraces The Web
Bryan Sullivan - September 2008
In this installment we introduce you to new Web-oriented security guidance and tools straight from the Security Development Lifecycle (SDL) team at Microsoft.
Security Briefs: Reinvigorate your Threat Modeling Process
Adam Shostack - July 2008
In this column the author outlines some approaches to threat modeling that can be employed by development teams of any size.
Security Briefs: Penetration Testing
James A. Whittaker - May 2008
In this installment of Security Briefs, James Whittaker explains the rules and the pitfalls of penetration testing so you'll know how to avoid them.
Security Briefs: Protecting Your Code with Visual C++ Defenses
Michael Howard - March 2008
Michael Howard outlines some of the buffer overrun defenses available in Visual C++ 2005 and beyond.
Security Briefs: Exploring Claims-Based Identity
Keith Brown - September 2007
Keith Brown introduces you to the new identity model in the Microsoft .NET Framework 3.0.
Security Briefs: Active Directory Cache Dependencies
Keith Brown - July 2007
If you're not taking advantage of Active Directory, you should be. Learn the benefits from Keith Brown.
Security Briefs: Events in Windows Vista
Keith Brown - May 2007
Security Briefs: Improve Manageability through Event Logging
Keith Brown - April 2007
When something goes wrong, a manageable application will tell the administrator how to fix the problem. The Windows Event Log can provide the necessary information.
Security Briefs: Using Protocol Transition—Tips from the Trenches
Keith Brown - January 2007
Now that Windows Server 2003 is widely deployed, Keith Brown addresses questions from readers who are trying to use protocol transition to build secure gateways into their intranets.
Security Briefs: Limited User Problems and Split Knowledge
Keith Brown - November 2006
Security Briefs: CardSpace, SqlMembershipProvider, and More
Keith Brown - October 2006
This month Keith Brown fields some reader questions on InfoCard turned CardSpace and passwords for SqlMembershipProvider.
Security Briefs: Security in Windows Communication Foundation
Keith Brown - August 2006
Windows Communication Foundation provides three major protections— confidentiality, integrity, and authentication. This month Keith Brown explains what they can do for you.
Security Briefs: Step-by-Step Guide to InfoCard
Keith Brown - May 2006
In my April 2006 column I began a discussion of InfoCard, the upcoming identity metasystem, which is being prepared for release in the Windows Vista™ timeframe. If you haven’t read that column, you should definitely start there because I’m going to assume you’re familiar with the basics I covered.
Security Briefs: A First Look at InfoCard
Keith Brown - April 2006
The Web can be annoying at times. I'm certain that I'm not alone in my frustration with filling out the same old forms on every Web site I visit. Like most other techies, I've acquired many tools over the years to help combat this repetition, and I even wrote my own password manager for my hundreds of different identities on the Web.
Security Briefs: Encrypting Without Secrets
Keith Brown - January 2006
Do you have a Web site or other system that deals in secrets of any sort? It seems like every time I give a security talk, people ask how to deal with the sticky problem of storing secrets. Connection strings with passwords are an obvious problem.
Security Briefs: Security Enhancements in the .NET Framework 2.0
Keith Brown - Visual Studio 2005 Guided Tour 2006
The.NET Framework 2.0 got quite a few security enhancements. This month Keith takes you on a whirlwind tour of the goodies you'll find there.
Security Briefs: Security Features in WSE 3.0
Keith Brown - November 2005
I've been spending a lot of time lately building secure Web services with the Microsoft® . NET Framework 2. 0, and Web Services Enhancements (WSE) 3. 0 has been a lifesaver for me, so I thought it would be appropriate to dedicate a column to security features in this new product.
Security Briefs: Credentials and Delegation
Keith Brown - September 2005
I get loads of security questions from friends and former students, and recently I've gotten a number of questions about building secure data-driven Web sites for internal enterprise systems. I've decided to answer them here to hopefully save you some headaches in your own projects.
Security Briefs: Customizing GINA, Part 2
Keith Brown - June 2005
GINA, the Graphical Identification and Authentication component, is a part of WinLogon that you can customize or replace. Last month I introduced GINA customization; this month, I'm going to drill down to implement each of the GINA entry points.
Security Briefs: Customizing GINA, Part 1
Keith Brown - May 2005
Over the years I've had many people ask me to write about GINA, the Graphical Identification and Authentication component that serves as the gateway for interactive logons. This month I'll begin my coverage of this topic to help you get started if you're tasked to build such a beast.
Security Briefs: Access Control List Editing in .NET
Keith Brown - March 2005
Access control lists (ACLs) can be complex beasts, and user interfaces for editing them are incredibly tricky to implement properly. That's why I was really excited when Windows® 2000 shipped with a programmable ACL editor, shown in Figure 1.
Security Briefs: Security Enhancements in the .NET Framework 2.0
Keith Brown - January 2005
As I write this column, version 2. 0 of the Microsoft® . NET Framework is at Beta 1. When I got my bits, I hacked together a little program to dump all of the public members of all public types in the entire Framework and ran it on version 1.
Security Briefs: Password Minder Internals
Keith Brown - October 2004
In my last column I introduced Password Minder, the tool I use to manage all of my passwords. It generates a long, random password for each site I visit, and makes it possible for me to use the most complex passwords possible, without ever having to see the actual password material or type it in manually.
Security Briefs: Mind Those Passwords!
Keith Brown - July 2004
Security Briefs: Beware of Fully Trusted Code
Keith Brown - April 2004
The vast majority of managed applications run with full trust, but based on my experience teaching . NET security to developers with a broad range of experience, most really don't understand the implications of fully trusted code.
Security Briefs: Hashing Passwords, The AllowPartiallyTrustedCallers Attribute
Keith Brown - August 2003
Keith Brown describes how yo can hash passwords when you want to store them in your own custom database, and when to use the AllowPartiallyTrustedCallers attribure on your assembly.
Security Briefs: Exploring S4U Kerberos Extensions in Windows Server 2003
Keith Brown - April 2003
Building Web sites that provide services external to the corporate firewall is tricky. Usually it's not desirable to grant corporate domain accounts to external clients, and from a purely practical standpoint Kerberos does not work well over the Internet due to the typical configuration of client-side firewalls.
Security Briefs: Managed Security Context in ASP.NET
Keith Brown - January 2002
Security Briefs: ASP.NET Security Issues
Keith Brown - November 2001
Security Briefs: The Security Support Provider Interface Revisited
Keith Brown - April 2001
Security Briefs: Explore the Security Support Provider Interface Using the SSPI Workbench Utility
Keith Brown - August 2000
Security Briefs: Understanding Kerberos Credential Delegation in Windows 2000 Using the TktView Utillity
Keith Brown - May 2000
Security Briefs: Exploring Handle Security in Windows
Keith Brown - March 2000