|
Design Secure Visual Studio.NET Web Services: After security reviews of numerous Web services during the past year, Michael Howard has noticed two critical mistakes that VS.NET Web services designers make when connecting to database servers. Use his solutions and code samples to lock down your Web services.
|
|
Two Mistakes That Compromise ISAPI Application Security: Many Internet developers use ISAPI code for its speed, but they often overlook two mistakes that can leave their systems vulnerable to worms and hack attacks.
|
|
To best protect the sensitive customer information your Web site stores in databases, encrypt the data itself and use effective key management. Best Defense columnist Michael Howard shows you how.
|
|
Learn how to determine which Windows NT/2000 privileges are required to execute code correctly and securely.
|
|
The new /GS option in the Microsoft Visual C++.NET compiler will help reduce the instances of exploitable buffer overruns in your Windows application code. By Michael Howard.
|
|
Many applications using the RC4 algorithm for encryption are vulnerable to attacks because they use RC4 incorrectly. Michael Howard examines these errors, illustrates how attackers can use them to compromise your apps, and shows how to rectify them.
|
|
The Web is a battleground where data input attacks are a real danger. Michael Howard illustrates how attackers can gain access to your Web apps and how best to stop them.
|
|
So many developers work with the Win32 API, yet finding a Win32 secure programming checklist can be a chore. "Best Defense" columnist Michael Howard fills the void with 15 do's and don'ts for keeping your Win32 programming secure.
|
|
The buffer overrun is one of the most dangerous and prevalent vulnerabilities in system code. Testing is one way to detect and rectify this vulnerability. Michael Howard lays out the testing process and provides code samples for testing various applications.
|
|
You can't build a secure solution until you know what your security threats are. In the first of a two-part series, Michael Howard examines such threats and lays out a simple threat-analysis process for evaluating them.
|
|
Michael Howard concludes his threat analysis series with a look at the nuts and bolts of the process, from identifying threats to evaluating risk to mitigating potential attacks on your systems.
|
|
Although it is generally deemed bad practice, sometimes secrets simply have to be stored somewhere that is accessible to users and/or applications. This article outlines some of the best practices for storing secrets on various Windows platforms.
|
|
How user and administrative accounts are handled across systems and environments is a major security issue. Yet few companies have policies and procedures in place to properly address this issue. Security consultant Eric Budke discusses how best to split the development and production areas, and describes how to convert a secure system into the central password server using a couple of free tool downloads.
|