Penetration Testing mailing list archives
Pen-tester's analysis of .NET security?
From: "Lachniet, Mark" <mlachniet () sequoianet com>
Date: Wed, 24 Mar 2004 14:47:44 -0500
Is anyone aware of a whitepaper or analysis of the security features (and weaknesses?) of Microsoft's .NET platform for web applications? A number of interesting features, such as input validation and session tracking, are built into .NET, and I'd be interested to hear if anyone has kicked it around much. Please note, I am *not* interested in references to Microsoft documentation, developer web sites, or conventional information sources, but rather information from the viewpoint of a pen-tester doing web application security analysis work. Thank you in advance, Mark Lachniet --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
Current thread:
- Pen-tester's analysis of .NET security? Lachniet, Mark (Mar 24)
- Re: Pen-tester's analysis of .NET security? Frank Knobbe (Mar 24)
- Re: Pen-tester's analysis of .NET security? Frank Knobbe (Mar 24)
- Re: Pen-tester's analysis of .NET security? Jeff Bryner (Mar 24)
- Re: Pen-tester's analysis of .NET security? Frank Knobbe (Mar 25)
- Re: Pen-tester's analysis of .NET security? H D Moore (Mar 25)
- RE: Pen-tester's analysis of .NET security? Dominick Baier (Mar 26)
- RE: Pen-tester's analysis of .NET security? Frank Knobbe (Mar 26)
- Re: Pen-tester's analysis of .NET security? dd (Mar 26)
- RE: Pen-tester's analysis of .NET security? Dominick Baier (Mar 26)
- Re: Pen-tester's analysis of .NET security? Frank Knobbe (Mar 24)
- <Possible follow-ups>
- RE: Pen-tester's analysis of .NET security? Joel Friedman (Mar 25)
- RE: Pen-tester's analysis of .NET security? Dinis Cruz (Mar 26)