This page contains useful links for learning about .NET security. Specifically, it lists hyperlinks to resources that address security and how it is implemented in .NET Framework technologies.

The key topics covered here are lists of URLs and the major topic areas that a developer or outsource client will need to learn in order to design .NET applications that pass the scrutiny of the Microsoft Security Development Lifecycle (SDL).

General security

  •   Microsoft
 
  • Open Web Application Security Project

http://www.owasp.org/index.php/Main_Page

  •   OWASP .NET section and tools

http://www.owasp.org/index.php/Category:OWASP_.NET_Project

  • Certificates and cert stores
    • Secure ASP.NET apps with client certs:

http://support.microsoft.com/kb/315588 (1.0/1.1)

  •   Support certificates in your apps (2.0)

http://msdn.microsoft.com/en-us/magazine/cc163454.aspx

  •   Security features added in .NET 2.0

http://www.theserverside.net/tt/articles/showarticle.tss?id=NewSecurityFeatures

  •   Asymmetric encryption in SQL Server

http://www.4guysfromrolla.com/articles/022807-1.aspx

  • Security tools
    •   Built-in tools in .NET (list)

http://www.c-sharpcorner.com/UploadFile/puranindia/661/

  •   Microsoft SDL Pro Network security tool providers

http://www.microsoft.com/security/sdl/getstarted/pronetwork.aspx

  •   Microsoft Threat Modelling Tool

http://www.microsoft.com/security/sdl/getstarted/threatmodeling.aspx

  •   VS 2010 Code Analysis for Managed Code (Rule Sets)

http://msdn.microsoft.com/en-us/library/3z0aeatx.aspx

  •   Code Analysis Security Rules

http://msdn.microsoft.com/en-us/library/dd264921.aspx

  •   Creating your own rule sets

http://blogs.msdn.com/b/habibh/archive/2009/08/12/...

  •   CAT.NET

http://www.security-database.com/toolswatch/...

  • CAS
    • Introduction to Code Access Security

http://www.codeproject.com/KB/security/UB_CAS_NET.aspx

  • CAS in practice

http://msdn.microsoft.com/en-us/library/ff648663.aspx

  • Smart clients with WCF

http://msdn.microsoft.com/en-us/library/ff647359.aspx - then go to chapter 5 for security

  • WebParts
    •   SharePoint FxCop rule sets - thin on the ground but occasional examples

http://sovfxcoprules.codeplex.com

  •   SharePoint: implementing basic CAS for WSS

http://www.sharepointdevwiki.com/...

  •  CAS and Web Parts

http://my.advisor.com/doc/19242