Windows NT/2000 Privileges: Don't Use a Jackhammer to Open a Tin Can
by Michael Howard
Many developers run their Windows NT/2000 code under privileged accounts when they don't have to, which compromises the security of the code. Learn how to determine which privileges are required to execute code correctly and securely.
|
New Visual C++.NET Option Tightens Buffer Security
by Michael Howard
The new /GS option in the new Microsoft Visual C++.NET compiler will help reduce the instances of exploitable buffer overruns in your Windows application code. Michael Howard breaks down exactly how the compile-time option does it.
|
RC4 Usage Errors Leave Your Data Exposed
by Michael Howard
Many applications using the RC4 algorithm for encryption are vulnerable to attacks because they use RC4 incorrectly. Michael Howard examines these errors, illustrates how attackers can use them to compromise your apps, and shows how to rectify them.
|
5 Tips for Thwarting Data Input Attacks Against Your Web App
by Michael Howard
The Web is a battleground where data input attacks are a real danger. Michael Howard illustrates how attackers can gain access to your Web apps and how best to stop them.
|
15 Tips for Secure Win32 Programming
by Michael Howard
So many developers work with the Win32 API, yet finding a Win32 secure programming checklist can be a chore. "Best Defense" columnist Michael Howard fills the void with 15 do's and don'ts for keeping your Win32 programming secure.
|
Testing for Buffer Overruns
by Michael Howard
The buffer overrun is one of the most dangerous and prevalent vulnerabilities in system code. Testing is one way to detect and rectify this vulnerability. Michael Howard lays out the testing process and provides code samples for testing various applications.
|
Secure Systems Begin with Knowing Your Threats, Part 1
by Michael Howard
You can't build a secure solution until you know what your security threats are. In the first of a two-part series, Michael Howard examines such threats and lays out a simple threat-analysis process for evaluating them.
|
Secure Systems Begin with Knowing Your Threats, Part 2
by Michael Howard
Michael Howard concludes his threat analysis series with a look at the nuts and bolts of the process, from identifying threats to evaluating risk to mitigating potential attacks on your systems.
|
Storing Your Secret Data in Windows
by Michael Howard
It may be a bad practice, but sometimes you simply have to store secret data somewhere that is accessible to users and/or applications. So what's the most secure way to do it? In his debut Security Zone article, "Best Defense" columnist Michael Howard outlines some best practices for storing secrets on various Windows platforms.
|
Secure Account Management Across Production and Development Environments
by Eric Budke
How user and administrative accounts are handled across systems and environments is a major security issue. Yet, few companies have policies and procedures in place to properly address this issue. Security consultant Eric Budke discusses how best to split the development and production areas, and describes how to convert a secure system into the central password server using a couple of free tool downloads.