Saturday, October 03, 2009

Link Listings
Case Study: Web 2.0 SOA Scenario
Meet CAM: A new XML validation technology : Take semantic and structural validation to the next level
U2 Compact Framework : UniObject for .NET Compact Framework for a smarter planet
Data scoring: Convert data with XQuery : Do quality analysis on conversion results
Build a RESTful Web service using Jersey and Apache
Integrate your PHP application with Google Contacts : Read and write contact information from Google Contacts with XML and PHP
Introducing Quercus, a Java-based PHP framework
Implement a real-time server push in Ajax applications using socket-based RIA technologies
Two new Microsoft Security Developement Lifecycle (SDL) tools: MiniFuzz File Fuzzer and BinScope Binary Analyzer
Microsoft has announced two new Security Development Lifecycle (SDL) tools here:
MiniFuzz File Fuzzer
MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected application behaviors.
Because fuzzing is effective at finding bugs, it is a required activity in the Verification Phase of the Microsoft Security Development Lifecycle (SDL). With the release of MiniFuzz, we have made a simple file fuzzer available to assist developer efforts to find and address more bugs in code before it ships to customers.
BinScope Binary Analyzer
The BinScope Binary Analyzer is a Microsoft verification tool that analyzes binaries to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, and up-to-date build tools are in place.
BinScope also reports on dangerous constructs that are prohibited or discouraged by the SDL (e.g. read/write shared sections and global function pointers). For a more detailed enumeration of the checks performed by BinScope, please see the BinScope documentation. BinScope is available in two forms: as a standalone executable and as a Visual Studio add-on.
Jeremy Dallman, of Microsoft, explains both tools in this post.