Each chapter in this book covers one of the most common programming flaws that lead to security exploits and explains how to fix it. Chapter 2 focuses on format string problems.
Although it is generally deemed bad practice, sometimes secrets simply have to be stored somewhere that is accessible to users and/or applications. This article outlines some of the best practices for storing secrets on various Windows platforms.
You cannot build secure systems until you understand your threats. Threat modeling is essential to a secure enterprise. Microsoft has adopted threat modeling, and now no product design is complete without a threat model. In this article, Microsoft's Michael Howard uses his experience to explain the process of threat modeling and how to use it in any organization.
Some inherent usage errors in many applications that employ the RC4 algorithm leave the applications vulnerable to attacks. Learn these errors and how to rectify them.
The new /GS option in the new Microsoft Visual C++.NET compiler will help reduce the instances of exploitable buffer overruns in your Windows application code.
VS.NET Web services designers make two critical mistakes when connecting their Web services to database servers.
The Web is a battleground where data input attacks are a real danger. Michael Howard illustrates how attackers can gain access to your Web apps and how best to stop them.