Security Briefs - Web Application Configuration Security Revisited

Tue, 02 Nov 2010 10:00:00 GMT

Bryan Sullivan follows up on configuration security with some relatively obscure—but important—web.config settings that should be addressed, and discusses a new free tool to help you find potential problems.

Security Briefs - The MSF-Agile+SDL Process Template for TFS 2010

Tue, 31 Aug 2010 10:00:00 GMT

The MSF-Agile project template for Team Foundation Server makes it easy for your team to implement Agile techniques. The new MSF-Agile+SDL template adds Security Development Lifecycle requirements. We’ll show you how it works.

Security Briefs - View State Security

Tue, 29 Jun 2010 10:00:00 GMT

Effectively managing user state in web applications can be a tricky balancing act of performance, scalability, maintainability and security. The security consideration is especially evident when you’re managing user state stored on the client. Here's what you need to know about view state security.

Security Briefs - Regular Expression Denial of Service Attacks and Defenses

Mon, 03 May 2010 10:00:00 GMT

Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.

Security Briefs - Add a Security Bug Bar to Microsoft Team Foundation Server 2010

Wed, 24 Feb 2010 10:00:00 GMT

Take a peek inside Microsoft’s strict development security structure as Bryan Sullivan describes the objective security bug classification system (the “bug bar”) used by internal product and online services teams. He will show you how to incorporate this classification system into your own development environment using Microsoft Team Foundation Server 2010.

Security Briefs - XML Denial of Service Attacks and Defenses

Mon, 16 Nov 2009 10:00:00 GMT

This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.

Security Briefs - Cryptographic Agility

Fri, 24 Jul 2009 10:00:00 GMT

Even if you use only the most secure algorithms and the longest key lengths, there’s no guarantee that the code you write today will remain secure. A better alternative is to plan for agility from the beginning. Rather than hard-coding specific cryptographic algorithms into your code, use one of the crypto-agility features built into the Microsoft .NET Framework. This article shows you how.

Security Briefs - Protect Your Site With URL Rewriting

Thu, 19 Feb 2009 10:00:00 GMT

Learn the numerous ways in which you can rewrite URLs to defend against common Web vulnerabilities.

Agile SDL - Streamline Security Practices For Agile Development

Thu, 23 Oct 2008 10:00:00 GMT

Bryan Sullivan discusses the new SDL for Web applications and Agile projects with more compressed release cycles.

Security Briefs - SDL Embraces The Web

Wed, 20 Aug 2008 10:00:00 GMT

In this installment we introduce you to new Web-oriented security guidance and tools straight from the Security Development Lifecycle (SDL) team at Microsoft.
