Export (0) Print
Expand All
4 out of 8 rated this helpful - Rate this topic

Secure Coding Guidelines

Evidence-based security policy and code access security provide very powerful, explicit mechanisms to implement security. Most application code can simply use the infrastructure implemented by the .NET Framework. In some cases, additional application-specific security is required, built either by extending the security system or by using new ad hoc methods.

Using the .NET Framework-enforced permissions, and other enforcement in your code, you should erect barriers to prevent malicious code from obtaining information that you do not want it to have or performing other undesirable actions. Additionally, you must strike a balance between security and usability in all the expected scenarios using trusted code.

Secure Coding Overview

Provides an overview of basic secure coding techniques.

Permission Requests

Describes how to interact with the .NET Framework security system using security requests.

Securing State Data

Describes how to protect private members.

Securing Method Access

Describes how to help protect methods from being called by partially trusted code.

Securing Wrapper Code

Describes security concerns for code that wraps other code.

Security and Public Read-only Array Fields

Describes security concerns for code that uses public read-only arrays found in .NET libraries.

Securing Exception Handling

Describes security concerns for handling exceptions.

Security and User Input

Describes security concerns for applications that accept user input.

Security and Remoting Considerations

Describes security concerns for applications that communicate across application domains.

Security and Serialization

Describes security concerns when serializing objects.

Security and Race Conditions

Describes how to avoid race conditions in your code.

Security and On-the-Fly Code Generation

Describes security concerns for applications that generate dynamic code.

Dangerous Permissions and Policy Administration

Describes permissions that can potentially allow security to be circumvented.

Security and Setup Issues

Describes considerations for testing and setup of your application.

How to: Run Partially Trusted Code in a Sandbox

Explains how to run a partially trusted application in a restricted security environment, which limits the code access permissions granted to it.

Securing ASP.NET Web Applications

Describes ASP.NET security in detail and provides instructions for using it in your code.

Code Access Security

Describes .NET Framework code access security in detail and provides instructions for using it in your code.

Role-Based Security

Describes .NET Framework role-based security in detail and provides instructions for using it in your code.

Security Policy Management

Describes the .NET Framework security policy model.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.