alt.msdn – What Media Says on MS Development

Edd Morgan shows IronRuby interaction with POCOs and considerations to make this implementation run “on Rails.” Richard Campbell tells what .NET 4.0 does better than its previous versions regarding performance, thread management, and security, Glenn Block offers a primer on MEF for Visual Basic .NET developers in a Silverlight application. Rob Reynolds explains how to…

0

Thread Management and other CLR TidBits

Every month, the CLR team gives us insight into the core of managed code, .NET programming best practices, technologies underlying the CLR and .NET Framework, and other tips and suggestions. In the December 2008 issue of MSDN Magazine, Erika Fuentes and Eric Eilebrecht cover some common issues developers encounter when tuning multithreaded managed code, particularly…

0

Security Briefs: Threat Models Improve Your Security Process

It’s helpful to think about secure design from a more holistic perspective by using threat models to drive your security engineering process. In the November 2008 issue of MSDN Magazine, Michael Howard proposes using the threat model to help drive other SDL security requirements, primarily code review priority, fuzz testing priority, and attack surface reduction….

0

Windows File And Registry Permissions

The basic security mechanism of Windows involves having a trusted system component check permissions and rights (AccessCheck) before an operation is allowed to proceed. In the November 2008 issue of MSDN Magazine, John R. Michener explains how to set values for the security settings on objects and how those values are processed. You can also…

0

Security Development Lifecycle for Agile Development

The concept of Agile security does not have to be a contradiction in terms. The Microsoft SDL team has defined a set of process improvements that increase security focus while respecting the need to release new code on an ultra-short timeline. In the November 2008 issue of MSDN Magazine, Bryan Sullivan explains how Microsoft has…

0

Service Station: Authorization In WCF-Based Services

Once you start adopting service-oriented principles for your distributed applications, you are crossing a security boundary for every service call you make. Windows Communication Foundation (WCF) provides powerful facilities for implementing authorization in your services. In the October 2008 issue of MSDN Magazine, Dominick Baier and Christian Weyer explain how to use role-based and claims-based…

0

Security Briefs: SDL Embraces The Web

The Security Development Lifecycle (SDL) team recently released details of the SDL process at microsoft.com/sdl. What you won’t find in the publicly available SDL documentation is guidance specific to securing Web applications or online services. In the September 2008 issue of MSDN Magazine, Bryan Sullivan explains why it’s just as important to threat model your…

0

Foundations: Code Access Security in WCF

In the .NET Framework 3.5, WCF only allows a limited set of scenarios to execute in partial trust. Ideally, you would like to tap into the full power of WCF from distributed transactions to reliable calls to various security credential types without trading off CAS—that is, without resorting to full trust. In the April 2008…

0

Security Briefs: Approaches to Threat Modeling

There are many things called threat modeling. Rather than argue about which is "the one true way," a good practice is to consider your needs and what your skills, abilities, and schedules are, and then work with a method that’s best for you. In the July 2008 issue of MSDN Magazine, Adam Shostack explains how…

0

Security: a One-Time Password Solution

Passwords can be a big security and manageability headache for enterprise IT administrators. Because passwords are cached on computer hard drives and stored on servers, they are susceptible to cracking. In the June 2008 issue of MSDN Magazine, Dan Griffin explains why one-time passwords (OTP) are an excellent alternative to standard passwords and walks you…

0