Partilhar via


Application Security - each one, teach one

Richard Lewis' application security notes for the software designer, developer and tester

IIS 6.0 General

For those of you who have heard a lot about IIS but have never got a chance to try it out, here's...

Date: 04/12/2007

Lesser known feature of SSL validation overrides in .NET

During setup of an SSL connection, the client validates the server's digital certificate. This is...

Date: 03/28/2007

Providing entry points for handling errors in VC++ 2005

The previous version of the C runtime had many flaws in its design. For example, the functions in...

Date: 03/10/2007

My first assignment at Microsoft

I recently completed my first security assignment at Microsoft. The customer needed specific...

Date: 03/01/2007

Writing to Registry? Some best-practices...

Use the following best practices when dealing with the Windows registry. Use of registry reduces...

Date: 01/30/2007

Code signing mini-FAQ

What really is code signing?At a high level, code signing allows you to generate a digital signature...

Date: 01/25/2007

Cryptography Cognizance for Application Designers and Developers

Here's the abstract for a whitepaper I am beginning to write - Cryptography is increasingly emerging...

Date: 01/24/2007

Understanding 'padding' in symmetric key cryptography

Symmetric key algorithms like 3DES, AES etc operate on blocks of input data. For this to happen, the...

Date: 01/22/2007

Temporary file generation and usage best practices

This article previously appeared at CodeProject.com IntroductionMany applications require to create...

Date: 01/22/2007

Welcome

Hi - I am Richard Lewis and am proud to have joined the ACE team at Microsoft. We are heavily into...

Date: 01/22/2007