Before you can effectively develop secure applications, you must posses a fundamental understanding of security concepts and the security features of the platforms for which you develop. You should also have an understanding of secure coding techniques.
- Securing Applications
- Describes .NET Framework code access security, role-based security, security policy, and security tools.
- An Overview of Security in the .NET Framework
- Profiles the fundamental features in the Microsoft .NET Framework security system.
- The Ten Immutable Laws of Security (http://www.microsoft.com/technet/columns/security/essays/10imlaws.asp)
- Discusses real security problems that are not the result of product flaws.
Coding for Security
Most coding errors that result in security vulnerabilities occur because developers make invalid assumptions when working with user input or because they do not fully understand the platform for which they are developing.
- Secure Coding Guidelines for the .NET Framework
- Describes the security system, discusses the security issues you might need to consider in your code, and provides guidelines for classifying your components to address security issues.
- Compiler Security Checks
- Discusses buffer overruns and the complete picture of the Microsoft Visual C++ .NET security checks feature provided by the /GS compile-time flag.
- Security Tutorial
- Discusses .NET Framework security and shows how to modify security permissions in C#.