Export (0) Print
Expand All

Secure Coding Guidelines 

Evidence-based security policy and code access security provide very powerful, explicit mechanisms to implement security. Most application code can simply use the infrastructure implemented by the .NET Framework. In some cases, additional application-specific security is required, built either by extending the security system or by using new ad hoc methods.

Using the .NET Framework-enforced permissions, and other enforcement in your code, you should erect barriers to prevent malicious code from obtaining information that you do not want it to have or performing other undesirable actions. Additionally, you must strike a balance between security and usability in all the expected scenarios using trusted code.

In This Section

Secure Coding Overview

Provides an overview of basic secure coding techniques.

Permission Requests

Describes how to interact with the .NET Framework security system using security requests.

Securing State Data

Describes how to protect private members and boxed value types.

Securing Method Access

Describes how to help protect methods from being called by partially trusted code.

Securing Wrapper Code

Describes security concerns for code that wraps other code.

Security and Public Read-only Array Fields

Describes security concerns for code that uses public read-only arrays found in .NET libraries.

Securing Exception Handling

Describes security concerns for handling exceptions.

Security and User Input

Describes security concerns for applications that accept user input.

Security and Remoting Considerations

Describes security concerns for applications that communicate across application domains.

Security and Serialization

Describes security concerns when serializing objects.

Security and Race Conditions

Describes how to avoid race conditions in your code.

Security and On-the-Fly Code Generation

Describes security concerns for applications that generate dynamic code.

Dangerous Permissions and Policy Administration

Describes permissions that can potentially allow security to be circumvented.

Security and Setup Issues

Describes considerations for testing and setup of your application.

Related Sections

Securing ASP.NET Web Applications

Describes ASP.NET security in detail and provides instructions for using it in your code.

Code Access Security

Describes .NET Framework code access security in detail and provides instructions for using it in your code.

Role-Based Security

Describes .NET Framework role-based security in detail and provides instructions for using it in your code.

Security Policy Management

Describes the .NET Framework security policy model.

Community Additions

ADD
Show:
© 2014 Microsoft