Secure Coding mailing list archives
RE: Dot Net guidelines?
From: "Kreusch, Stephen (ZA - Johannesburg)" <skreusch () deloitte co za>
Date: Wed, 07 Apr 2004 17:27:40 +0100
You can look at Microsoft's document in their Patterns & Practices series, titled "Building Secure ASP.NET Applications -Authentication, Authorization, and Secure Communication". It's available at http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID= 055FF772-97FE-41B8-A58C-BF9C6593F25E There's a three part series on Component Security Design Considerations available at http://www.arctecgroup.net/articles.htm Part 1 J2EE Security Part 2 .Net Security Part 3 Comparing J2EE and .Net Security Looks fairly high-level, compared to the Microsoft documentation, so you may want to give these three docs to your development teams as a start. Sanctum have released "Secure Coding Practices for Microsoft .NET Applications", available at http://www.sanctuminc.com/pdf/whitepaper_secure_coding_practices_vsdotne t.pdf. It's basically a brief checklist of things to avoid. You can also look at the OWASP.net site, currently at http://domain444037.sites.fasthosts.com/OWASP/aspx/. There is a Security Guides link off the main page. I don't claim to have read all these docs in great detail, so YMMV. Regards Stephen -----Original Message----- From: Bret Watson [mailto:[EMAIL PROTECTED] Sent: 06 April 2004 01:37 AM To: sc-l Subject: [SC-L] Dot Net guidelines? Hi All, my boss has asked me to see if there are any guidelines out there regarding dot Net... We currently use Java, but we expect the development teams to want to use microsoft's lastest toy sooner or later.. Thanks, Bret Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.deloitte.com/za/disclaimer The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to [EMAIL PROTECTED]
Current thread:
- Dot Net guidelines? Bret Watson (Apr 06)
- RE: Dot Net guidelines? Anil John (Apr 07)
- <Possible follow-ups>
- RE: Dot Net guidelines? Nick Lothian (Apr 07)
- RE: Dot Net guidelines? Hans Westphal (Apr 07)
- RE: Dot Net guidelines? Kreusch, Stephen (ZA - Johannesburg) (Apr 07)