November 2006

Secure Habits: 8 Simple Rules For Developing More Secure Code

Never trust data, model threats against your code, and other good advice from a security expert. Michael Howard

Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach

Whenever you build a new system you should consider how an intruder might go about attacking it and then build in appropriate defenses at design time. Shawn Hernan, Scott Lambert, Tomasz Ostwald, Adam Shostack

Single Sign-On: A Developer's Introduction To Active Directory Federation Services

Use Active Directory Federation Services to allow other organizations to use your Web applications without the need for you to grant access explicitly. Keith Brown

Smart Storage: Protect Your Data Via Managed Code And The Windows Vista Smart Card APIs

Smart cards are a compelling alternative to the reliance on passwords, which are the weakest link in authentication systems. Get the Windows smart card programming basics here. Dan Griffin

Extending SDL: Documenting And Evaluating The Security Guarantees Of Your Apps

In this article, the author presents an extension to the Security Development Lifecycle which could promote a better flow of information between users and designers of software security features. Mark Novak

SQL Security: New SQL Truncation Attacks And How To Avoid Them

Exploits using SQL injection have drawn a lot of attention for their ability to get through firewalls and intrusion detection systems to compromise your data layers. Whether it's a first-order or second-order injection, if you look at the basic code pattern, it is similar to any other injection issue where you use untrusted data in the construction of a statement. Bala Neerumalla



Editor's Note: Healthy Printing
Why we use the paper we do. Joshua Trupin
Toolbox: Synchronize Files, Rich Textboxes, and More
Compare files and folders, create demo and support videos, add rich textboxes in your web apps, and more. Scott Mitchell
Basic Instincts: Server-Side Generation of Word 2007 Docs
This month: Office Open XML, which allows ASP.NET and SharePoint developers to read, write, and generate Word, Excel, and PowerPoint documents on the server without running an Office desktop application there. Ted Pattison
Test Run: Using Excel For Test Data
This month, see how to use Excel for test automation storage, whether you’re just starting out with .NET or you’re an advanced programmer. Dr. James McCaffrey
Data Points: Revisiting System.Transactions
The System.Transactions namespace of the Microsoft .NET Framework makes handling transactions much simpler than previous techniques. Read all about it this month. John Papa
CLR Inside Out: Investigating Memory Issues
Memory issues can manifest in a wide variety of ways. This column shows you how to collect the data you need to determine what types of memory issues you are experiencing. Claudio Caldato and Maoni Stephens
Cutting Edge: A Tour of Windows Workflow Activities
Windows Workflow Foundation supports virtually any scenario where human operators are involved. Learn how to use it to tame your workflows. Dino Esposito
Bugslayer: Minidumps for Specific Exceptions
This installment of Bugslayer covers the use of ADPlus to create a minidump of your Microsoft .NET Framework 2.0 processes on specific exceptions. John Robbins
Security Briefs: Limited User Problems and Split Knowledge
Keith Brown
Concurrent Affairs: The ReaderWriterGate Lock
Jeffrey Richter
.NET Matters: Event Accessors
Creating events on classes by adding the event keyword to a delegate member variable declaration. Stephen Toub
Netting C++: Introducing Regular Expressions
This month Stanley Lippman introduces the support for regular expressions in the .NET Framework. Stanley B. Lippman
{End Bracket}: Peripheral and Foveal Vision.
Considering human visual fields in software design. Bill Hill