Robert Hurlbut's Blog

Thoughts on .NET, Security, Architecture, Agility, and Databases.

Syndication

.Company / Other Sites / Other Blogs

.NET Links

.NET Local Boston Events

.NET User Groups in New England

Blogs - .NET

Blogs - Agile

Blogs - Architecture

Blogs - CLR

Blogs - Security

Blogs - SQL Server

Blogs - System.Transactions

Enterprise Services (COM+) Resources

Indigo Resources

Microsoft Security Resources

Presentation resources

Recommended Books

Rotor Resources

Security Resources

September 2009 - Posts

Thursday, September 17, 2009 2:21 PM

Two new Microsoft Security Developement Lifecycle (SDL) tools: MiniFuzz File Fuzzer and BinScope Binary Analyzer

Microsoft has announced two new Security Development Lifecycle (SDL) tools here:

MiniFuzz File Fuzzer

MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected application behaviors.

Because fuzzing is effective at finding bugs, it is a required activity in the Verification Phase of the Microsoft Security Development Lifecycle (SDL). With the release of MiniFuzz, we have made a simple file fuzzer available to assist developer efforts to find and address more bugs in code before it ships to customers.

BinScope Binary Analyzer

The BinScope Binary Analyzer is a Microsoft verification tool that analyzes binaries to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations.  BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, and up-to-date build tools are in place.

BinScope also reports on dangerous constructs that are prohibited or discouraged by the SDL (e.g. read/write shared sections and global function pointers).  For a more detailed enumeration of the checks performed by BinScope, please see the BinScope documentation.  BinScope is available in two forms: as a standalone executable and as a Visual Studio add-on.

 Jeremy Dallman, of Microsoft, explains both tools in this post.

 

Posted by RHurlbut
Filed under: , ,
Thursday, September 17, 2009 1:20 PM

NHibernate and Fluent NHibernate Training

I have spent a great deal of time over the last year and a half on a couple of projects architecting solutions using NHibernate and Fluent NHibernate as the preferred ORM (object relational mapper). It has really matured into a great set of products with the release of NHibernate 2.1 (especially with System.Transaction support) and Fluent NHibernate 1.0. I have also used LINQ to NHibernate 1.0 and like how that works as well, but it could be tweaked some more.

I have decided to turn that experience into training classes offered through my independent consulting company. Please check out my Training page on my company web site if you are interested.

Posted by RHurlbut
Filed under: , ,
More Posts