dotnet · mairaw · Jun 4, 2018 · Jun 4, 2018
diff --git a/docs/framework/data/adonet/sql/writing-secure-dynamic-sql-in-sql-server.md b/docs/framework/data/adonet/sql/writing-secure-dynamic-sql-in-sql-server.md
@@ -58,8 +58,7 @@ SQL Injection is the process by which a malicious user enters Transact-SQL state
 
 |Resource|Description|  
 |--------------|-----------------|  
-|[Stored Procedures](http://go.microsoft.com/fwlink/?LinkId=98233) and [SQL Injection](http://go.microsoft.com/fwlink/?LinkId=98234) in SQL Server Books Online|Topics describe how to create stored procedures and how SQL Injection works.|  
-|[New SQL Truncation Attacks And How To Avoid Them](http://msdn.microsoft.com/msdnmag/issues/06/11/SQLSecurity/) in MSDN Magazine.|Describes how to delimit characters and strings, SQL injection, and modification by  truncation attacks.|  
+|[Stored Procedures](/sql/relational-databases/stored-procedures/stored-procedures-database-engine) and [SQL Injection](/sql/relational-databases/security/sql-injection) in SQL Server Books Online|Topics describe how to create stored procedures and how SQL Injection works.|  
 
 ## See Also  
  [Securing ADO.NET Applications](../../../../../docs/framework/data/adonet/securing-ado-net-applications.md)  

diff --git a/docs/framework/wcf/feature-details/best-practices-for-security-in-wcf.md b/docs/framework/wcf/feature-details/best-practices-for-security-in-wcf.md
@@ -27,9 +27,7 @@ The following sections list the best practices to consider when creating secure
 -   the use of stronger cryptographic algorithms, and  
 
 -   the greater difficulty of utilizing forwarded X509 credentials.  
-
- For an overview of NTLM forwarding attacks, go to [http://msdn.microsoft.com/msdnmag/issues/06/09/SecureByDesign/default.aspx](http://go.microsoft.com/fwlink/?LinkId=109571).  
-
+
 ## Always Revert After Impersonation  
  When using APIs that enable impersonation of a client, be sure to revert to the original identity. For example, when using the <xref:System.Security.Principal.WindowsIdentity> and <xref:System.Security.Principal.WindowsImpersonationContext>, use the C# `using` statement or the Visual Basic`Using` statement, as shown in the following code. The <xref:System.Security.Principal.WindowsImpersonationContext> class implements the <xref:System.IDisposable> interface, and therefore the common language runtime (CLR) automatically reverts to the original identity once the code leaves the `using` block.