Bryan Sullivan
Bryan Sullivan
Bryan Sullivan follows up on configuration security with some relatively obscure—but important—web.config settings that should be addressed, and discusses a new free tool to help you find potential problems.
November 2010
Bryan Sullivan
The MSF-Agile project template for Team Foundation Server makes it easy for your team to implement Agile techniques. The new MSF-Agile+SDL template adds Security Development Lifecycle requirements. We’ll show you how it works.
September 2010
Bryan Sullivan
Effectively managing user state in web applications can be a tricky balancing act of performance, scalability, maintainability and security. The security consideration is especially evident when you’re managing user state stored on the client. Here's what you need to know about view state security.
July 2010
Bryan Sullivan
Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.
May 2010
Bryan Sullivan
Take a peek inside Microsoft’s strict development security structure as Bryan Sullivan describes the objective security bug classification system (the “bug bar”) used by internal product and online services teams. He will show you how to incorporate this classification system into your own development environment using Microsoft Team Foundation Server 2010.
March 2010
Bryan Sullivan
This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.
November 2009
Bryan Sullivan
Even if you use only the most secure algorithms and the longest key lengths, there’s no guarantee that the code you write today will remain secure. A better alternative is to plan for agility from the beginning. Rather than hard-coding specific cryptographic algorithms into your code, use one of the crypto-agility features built into the Microsoft .NET Framework. This article shows you how.
August 2009
Bryan Sullivan
Learn the numerous ways in which you can rewrite URLs to defend against common Web vulnerabilities.
March 2009
Michael Howard and Bryan Sullivan
Our security experts present 10 vulnerable pieces of code. Your mission is to find the holes (a.k.a. bad security practices) in the code.
November 2008
Bryan Sullivan
In this installment we introduce you to new Web-oriented security guidance and tools straight from the Security Development Lifecycle (SDL) team at Microsoft.
September 2008