November 2006
Secure Habits: 8 Simple Rules For Developing More Secure Code
Never trust data, model threats against your code, and other good advice from a security expert. Michael Howard
Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach
Whenever you build a new system you should consider how an intruder might go about attacking it and then build in appropriate defenses at design time. Shawn Hernan, Scott Lambert, Tomasz Ostwald, Adam Shostack
Single Sign-On: A Developer's Introduction To Active Directory Federation Services
Use Active Directory Federation Services to allow other organizations to use your Web applications without the need for you to grant access explicitly. Keith Brown
Smart Storage: Protect Your Data Via Managed Code And The Windows Vista Smart Card APIs
Smart cards are a compelling alternative to the reliance on passwords, which are the weakest link in authentication systems. Get the Windows smart card programming basics here. Dan Griffin
Extending SDL: Documenting And Evaluating The Security Guarantees Of Your Apps
In this article, the author presents an extension to the Security Development Lifecycle which could promote a better flow of information between users and designers of software security features. Mark Novak
SQL Security: New SQL Truncation Attacks And How To Avoid Them
Exploits using SQL injection have drawn a lot of attention for their ability to get through firewalls and intrusion detection systems to compromise your data layers. Whether it's a first-order or second-order injection, if you look at the basic code pattern, it is similar to any other injection issue where you use untrusted data in the construction of a statement. Bala Neerumalla
Columns
Editor's Note: Healthy Printing
Why we use the paper we do. Joshua Trupin
Toolbox: Synchronize Files, Rich Textboxes, and More
Compare files and folders, create demo and support videos, add rich textboxes in your web apps, and more. Scott Mitchell
Basic Instincts: Server-Side Generation of Word 2007 Docs
This month: Office Open XML, which allows ASP.NET and SharePoint developers to read, write, and generate Word, Excel, and PowerPoint documents on the server without running an Office desktop application there. Ted Pattison
Test Run: Using Excel For Test Data
This month, see how to use Excel for test automation storage, whether you’re just starting out with .NET or you’re an advanced programmer. Dr. James McCaffrey
Data Points: Revisiting System.Transactions
The System.Transactions namespace of the Microsoft .NET Framework makes handling transactions much simpler than previous techniques. Read all about it this month. John Papa
CLR Inside Out: Investigating Memory Issues
Memory issues can manifest in a wide variety of ways. This column shows you how to collect the data you need to determine what types of memory issues you are experiencing. Claudio Caldato and Maoni Stephens
Cutting Edge: A Tour of Windows Workflow Activities
Windows Workflow Foundation supports virtually any scenario where human operators are involved. Learn how to use it to tame your workflows. Dino Esposito
Bugslayer: Minidumps for Specific Exceptions
This installment of Bugslayer covers the use of ADPlus to create a minidump of your Microsoft .NET Framework 2.0 processes on specific exceptions. John Robbins
Security Briefs: Limited User Problems and Split Knowledge
Keith Brown
Concurrent Affairs: The ReaderWriterGate Lock
Jeffrey Richter
.NET Matters: Event Accessors
Creating events on classes by adding the event keyword to a delegate member variable declaration. Stephen Toub
Netting C++: Introducing Regular Expressions
This month Stanley Lippman introduces the support for regular expressions in the .NET Framework. Stanley B. Lippman
{End Bracket}: Peripheral and Foveal Vision.
Considering human visual fields in software design. Bill Hill