O'Reilly logo

Improving Web Application Security: Threats and Countermeasures by Microsoft Corporation

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Managed Code Review Guidelines

Assembly-Level Checks

Check

Description

Assemblies have a strong name. (Dynamically generated ASP.NET Web page assemblies cannot currently have a strong name.)

You have considered delay signing as a way to protect and restrict the private key that is used in the strong name and signing process.

Assemblies include declarative security attributes (with SecurityAction.RequestMinimum) to specify minimum permission requirements.

Highly privileged assemblies are separated from lower privileged assemblies.

If the assembly is to be used in a partial-trust environment (for example, it is called from a partial-trust Web application), then privileged code is sandboxed in a separate assembly.

Class-Level Checks

Check

Description ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required