The November 2007 issue of MSDN Magazine is now available online at http://msdn.microsoft.com/msdnmag/issues/07/11/default.aspx.
November brings our 2007 Security Issue, featuring a range of security related topics from code review best practices to tools you can use for testing your apps more effectively.
Michael Howard, the Principal Security Program Manager at Microsoft and author of the well-known Writing Secure Code, shares 10 lessons Microsoft has learned about building more secure software since Bill Gates launched our Trustworthy Computing initiative.
Shipping secure code is important, and we’ll show you how code reviews help you find and fix vulnerabilities before your application ships.
We also look at how you can analyze program crashes to find security vulnerabilities in the underlying code, something you can do even when your apps have been deployed to customers.
Finally, Dan Griffin demonstrates how you can extend the software testing capabilities of Visual Studio Team System (VSTS) with a test interface provider for fuzz testing.
In the columns we take a look at Visual Basic extension methods, and explore handling events in SharePoint. Tim Fischer explains how to manage object lifetime in .NET apps, Stephen Toub discusses the ins and outs of debugging finalizers, and Juval Lowy demonstrates how to use synchronization contexts in Windows Communication Foundation (WCF).
There’s much more in the issue, and I’ll be blogging about these and other articles throughout the month.