Secure Coding Guidelines
Evidence-based security policy and code access security provide very powerful, explicit mechanisms to implement security. Most application code can simply use the infrastructure implemented by the .NET Framework. In some cases, additional application-specific security is required, built either by extending the security system or by using new ad hoc methods.
Using the .NET Framework-enforced permissions, and other enforcement in your code, you should erect barriers to prevent malicious code from obtaining information that you do not want it to have or performing other undesirable actions. Additionally, you must strike a balance between security and usability in all the expected scenarios using trusted code.
In This Section
- Secure Coding Overview
- Provides an overview of basic secure coding techniques.
- Permission Requests
- Describes how to interact with the .NET Framework security system using security requests.
- Securing State Data
- Describes how to protect private members and boxed value types.
- Securing Method Access
- Describes how to help protect methods from being called by partially trusted code.
- Securing Wrapper Code
- Describes security concerns for code that wraps other code.
- Securing Exception Handling
- Describes security concerns for handling exceptions.
- Security and User Input
- Describes security concerns for applications that accept user input.
- Security and Remoting Considerations
- Describes security concerns for applications that communicate across application domains.
- Security and Serialization
- Describes security concerns when serializing objects.
- Security and Race Conditions
- Describes how to avoid race conditions in your code.
- Security and On-the-Fly Code Generation
- Describes security concerns for applications that generate dynamic code.
- Dangerous Permissions and Policy Administration
- Describes permissions that can potentially allow security to be circumvented.
- Security and Setup Issues
- Describes considerations for testing and setup of your application.
- Securing ASP.NET Web Applications
- Describes ASP.NET security in detail and provides instructions for using it in your code.
- Code Access Security
- Describes .NET Framework code access security in detail and provides instructions for using it in your code.
- Role-Based Security
- Describes .NET Framework role-based security in detail and provides instructions for using it in your code.
- Security Policy Management
- Describes the .NET Framework security policy model.