Secure Coding mailing list archives

RE: Dot Net guidelines?

From: "Kreusch, Stephen (ZA - Johannesburg)" <skreusch () deloitte co za>
Date: Wed, 07 Apr 2004 17:27:40 +0100

You can look at Microsoft's document in their Patterns & Practices
series, titled "Building Secure ASP.NET Applications -Authentication,
Authorization, and Secure Communication".  It's available at
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=
055FF772-97FE-41B8-A58C-BF9C6593F25E

There's a three part series on Component Security Design Considerations
available at http://www.arctecgroup.net/articles.htm

        Part 1 J2EE Security
        Part 2 .Net Security
        Part 3 Comparing J2EE and .Net Security

Looks fairly high-level, compared to the Microsoft documentation, so you
may want to give these three docs to your development teams as a start.

Sanctum have released "Secure Coding Practices for Microsoft .NET
Applications", available at
http://www.sanctuminc.com/pdf/whitepaper_secure_coding_practices_vsdotne
t.pdf.  It's basically a brief checklist of things to avoid.

You can also look at the OWASP.net site, currently at
http://domain444037.sites.fasthosts.com/OWASP/aspx/.  There is a
Security Guides link off the main page.

I don't claim to have read all these docs in great detail, so YMMV.

Regards
Stephen


-----Original Message-----
From: Bret Watson [mailto:[EMAIL PROTECTED] 
Sent: 06 April 2004 01:37 AM
To: sc-l
Subject: [SC-L] Dot Net guidelines?


Hi All,
my boss has asked me to see if there are any guidelines out there
regarding 
dot Net...

We currently use Java, but we expect the development teams to want to
use 
microsoft's lastest toy sooner or later..

Thanks,

Bret
Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") 
that must be accessed and read by clicking here or by copying and pasting the following address into your Internet 
browser's address bar: http://www.deloitte.com/za/disclaimer  The Disclaimer is deemed to form part of the content of 
this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot 
access the Disclaimer, please obtain a copy thereof from us by sending an email to [EMAIL PROTECTED]

Current thread:

Dot Net guidelines? Bret Watson (Apr 06)
- RE: Dot Net guidelines? Anil John (Apr 07)
- <Possible follow-ups>
- RE: Dot Net guidelines? Nick Lothian (Apr 07)
- RE: Dot Net guidelines? Hans Westphal (Apr 07)
- RE: Dot Net guidelines? Kreusch, Stephen (ZA - Johannesburg) (Apr 07)