Software and web application security

.NET Framework 3.0 security guidelines

With the coming of Rich Internet Applications (RIA), Web 2.0 and all the buzz, one of my research projects is to map out specific issues with the .NET Framework 3.0. Some of the goals are:

  • to provide security guidance to clients
  • to automate more code analysis around the .NET Framework 3.0 object model

.NET Framework V2.0 Obsolete API List

These lists identify all of the APIs which are obsolete in the .NET Framework V2.0.
http://msdn2.microsoft.com/en-us/netframework/aa497286.aspx

When to add an assembly to the GAC

The GAC (Global Assembly Cache) is all-powerful, giving system-wide access to assemblies. It is, after all, the machine-wide repository for shared assemblies. The GAC is not the place to install any old assembly you create. Here are some general guidelines for when to “consider” adding an assembly to the GAC.

  • when many applications will need access to your assembly
  • when your assembly specifically requires the features that the GAC provides (such as integrity checking and versioning)

Simple enough… in essence, avoid installing to the GAC because your assembly will be highly exposed, and any flaws in your code will be much more exploitable.

For more information, check the MSDN docs “Working with Assemblies and the Global Assembly Cache”: http://msdn2.microsoft.com/en-us/library/6axd4fx6(VS.80).aspx
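One way to review what is already installed machine-wide, as an added example that is not from the original post: the script parses a recursive file listing of the GAC directories and reports assemblies whose public key token is not on a Microsoft allow-list. The sample listing, the Contoso names and the allow-list contents are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: starting allow-list of public key tokens that sign Microsoft's
# framework assemblies; extend it for your environment. A token identifies the
# signing key only, so treat the output as an inventory, not an integrity check.
MICROSOFT_TOKENS = {"b77a5c561934e089", "b03f5f7f11d50a3a", "31bf3856ad364e35"}

# On-disk layout: <root>\GAC_<arch>\<Name>\[v4.0_]<version>_<culture>_<token>\<file>
VERSION_DIR = re.compile(
    r"^(?:v\d+\.\d+_)?(?P<version>\d+(?:\.\d+){3})_(?P<culture>[A-Za-z-]*)"
    r"_(?P<token>[0-9a-f]{16})$", re.IGNORECASE)

# Constructed sample: recursive file listing of the two GAC roots.
SAMPLE_LISTING = r"""
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
C:\Windows\assembly\GAC_MSIL\Contoso.Billing\1.2.0.0__0123456789abcdef\Contoso.Billing.dll
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Contoso.Reports.resources\v4.0_1.0.0.0_de_0123456789abcdef\Contoso.Reports.resources.dll
C:\Windows\assembly\tmp\stray.dll
"""

def parse_gac_path(path):
    """Return name/version/culture/token for a file inside a GAC tree, else None."""
    parts = PureWindowsPath(path.strip()).parts
    for i, part in enumerate(parts):
        if part.upper().startswith("GAC") and i + 3 < len(parts):
            m = VERSION_DIR.match(parts[i + 2])
            if m:
                return {"name": parts[i + 1], "version": m["version"],
                        "culture": m["culture"] or "neutral",
                        "token": m["token"].lower(), "file": parts[i + 3]}
    return None

def third_party(listing):
    """Unique (name, version, token) tuples not signed with an allow-listed key."""
    entries = filter(None, map(parse_gac_path, listing.splitlines()))
    return sorted({(e["name"], e["version"], e["token"]) for e in entries
                   if e["token"] not in MICROSOFT_TOKENS})

if __name__ == "__main__":
    for name, version, token in third_party(SAMPLE_LISTING):
        print(f"review: {name} {version} (PublicKeyToken={token})")
```

Each reported assembly is a candidate for the question above: do many applications really need it, or does it need GAC integrity checking and versioning?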


8 Comments »

  1. Hi Chris

    This is a great project.

    Have you looked at MS’s Channel 9’s .NET security section? There is so much good information in there that I would start by listing what you think should be in there and is not (and the bits that are not in there are where you should focus).

    Good luck

    Dinis Cruz
    Chief OWASP Evangelist
    http://www.owasp.org

    Comment by Dinis Cruz — January 24, 2007 @ 2:59 am

  2. I do not know if it’s just me or if everybody else is experiencing problems with your blog. It appears as if some of the written text within your content is running off the screen. Can someone else please comment and let me know if this is happening to them too? This may be an issue with my web browser because I’ve had this happen previously.
    Thanks

    Comment by best can opener made in usa — May 8, 2013 @ 11:36 pm

  3. Ur blog post, “.NET Framework 3.0 security guidelines | Software and
    web application security” was in fact worthy of commenting here!

    Merely wished to point out you actually did a superb work.
    Thanks for your time, Nilda

    Comment by Marietta — June 7, 2013 @ 6:06 am

  4. Whatever honestly influenced u to compose “.NET Framework 3.0 security guidelines | Software and web application security”?
    I personally honestly loved the blog post! Thanks for your effort, Geneva

    Comment by Amelia — August 3, 2013 @ 6:36 am

  5. This specific post, “.NET Framework 3.0 security guidelines | Software and web application security” reveals the fact that you truly
    fully understand everything that u r communicating about!

    I actually thoroughly approve. Many thanks -Shoshana

    Comment by Audrea — August 4, 2013 @ 9:14 am

  6. This unique article, “.NET Framework 3.0 security guidelines | Software
    and web application security” was in fact excellent.
    I’m printing out a replicate to show my colleagues.
    Thanks for your effort-Blanche

    Comment by Junior — August 16, 2013 @ 4:46 am

  7. This is really the 4th blog, of urs I read. But I really enjoy
    this 1, “.NET Framework 3.0 security guidelines | Software and
    web application security” the most. Regards -Bernardo

    Comment by Christel — August 16, 2013 @ 8:39 pm

  8. I actually desired to show this posting, “.NET Framework 3.0 security guidelines
    | Software and web application security” along with my pals
    on facebook.com. I actually simply just planned to spread your outstanding publishing!
    Thanks a lot, Israel

    Comment by Harley — January 1, 2014 @ 8:32 am

