This page contains useful links for learning about .NET security. Specifically, it lists hyperlinks to resources that address security and how it is implemented in .NET Framework technologies.

The links are grouped by the major topic areas that a developer or outsource client will need to learn in order to design .NET applications that pass the scrutiny of the Microsoft Security Development Lifecycle.

General security

  • Microsoft
  • Open Web Application Security Project

  • OWASP .NET section and tools

  • Certificates and cert stores
    • Secure apps with client certs (1.0/1.1)

  • Support certificates in your apps (2.0)

  • Security features added in .NET 2.0

  • Asymmetric encryption in SQL Server

  • Security tools
    • Built-in tools in .NET (list)

  • Microsoft SDL Pro Network security tool providers

  • Microsoft Threat Modeling Tool

  • VS 2010 Code Analysis for Managed Code (Rule Sets)

  • Code Analysis Security Rules

  • Creating your own rule sets

  • CAT.NET

  • CAS
    • Introduction to Code Access Security

  • CAS in practice

  • Smart clients with WCF - then go to chapter 5 for security

  • WebParts
    • SharePoint FxCop rule sets - thin on the ground but occasional examples

  • SharePoint: implementing basic CAS for WSS

  • CAS and Web Parts