November2007November 2007

Trustworthy Computing: Lessons Learned from Five Years of Building More Secure Software

Five years ago, Bill Gates issued a directive to enhance security across the board. Since then, many valuable lessons have been learned about building more secure software. Michael Howard

Crash Course: Analyze Crashes to Find Security Vulnerabilities in Your Apps

Here the authors analyze program crashes to help you understand if you have the potential for read or write violations in your applications, and how they can lead to security vulnerabilities. A. Abouchaev, D. Hasse, S. Lambert, and G. Wroblewski

Code Reviews: Find and Fix Vulnerabilities Before Your Application Ships

Code defects can be found using many approaches, but manual code reviews stand out in terms of precision and quality. We provide some best practices for planning and executing code reviews on your own team. M. Chmielewski, N. Clift, S. Fonrobert, and T. Ostwald

Fuzz Testing: Create a Custom Test Interface Provider for Team System

Dan Griffin shows the extensibility of Visual Studio 2005 Team Edition for Software Testers by discussing the modification of the existing Test Interface Provider sample in the latest Visual Studio SDK and implements Fuzz Testing. Dan Griffin

Code Download (511 KB)
.Chm Files


Editor's Note: Why Go to Extremes?

This month Howard Dierking sheds some light on what we really mean when we talk about security.Howard Dierking

Toolbox: Updated grid controls, open-source comparison tools, and more

This time: Windows Forms grids, professional-looking date textboxes, file merging, and more.Scott Mitchell

CLR Inside Out: Managing Object Lifetime

Although the .NET Framework provides a managed execution environment, it is important to consider object lifetime management and write code that uses and releases resources correctly. The CLR team shows you how.Tim Fischer

Basic Instincts: Extension Methods

This column discusses one of the new features of Visual Basic 2008—Extension Methods. This powerful new feature was introduced to support LINQ. See what extension methods are, how to apply them yourself, and get some great usage tips.Adrian Spotty Bowles

Office Space: Events in SharePoint 2007

Windows SharePoint Services (WSS) 3.0 provides a new and improved infrastructure for handling server-side events. In this installment of Office Space, we look at techniques for hooking up Before Events and After Events using both Features and code.Ted Pattison

Cutting Edge: Managing the User Experience in AJAX

This month Dino takes a look at limitations and UI issues in Partial Rendering AJAX pages and techniques for managing the UI.Dino Esposito

Team System: Custom check-in policies

Team Foundation Server provides APIs that let you create check-in notes (categorized string data) and custom check-in policy implementations. These features combine to give project administrators better control over the group development process.Brian A. Randell

Foundations: Synchronization Contexts in WCF

After a description of what synchronization contexts are and how WCF uses them, the author demonstrates various options for extending WCF to use custom synchronization contexts, both programmatically and declaratively.Juval Lowy

Bugslayer: Measuring the Impact of View State

Bloated view state can be a real performance bottleneck for your Web app, but it can be difficult to diagnose. John Robbins creates a handy tool that records and reports the view state size for pages in your ASP.NET applications.John Robbins

Concurrent Affairs: Simplified APM with C#

Jeffrey Richter introduces his AsyncEnumerator class and explains how it harnesses some recent additions to the C# programming language that make working with the asynchronous programming model significantly easier.Jeffrey Richter

.NET Matters: Debugging finalizers

Find out how to use finalizers as a way to warn developers who use your custom types when they are garbage collected without having been disposed of correctly.Stephen Toub

{ End Bracket }: WPF is for developers, too

There's still a role for developers in creating applications with WPF and XAML. In fact there are three: plumber, widget author, and ground breaker.Kevin Moore