Improving Web Application Security: Threats and Countermeasures by Microsoft Corporation

Unmanaged Code

Code that calls unmanaged Win32 APIs or COM components requires the unmanaged code permission. This should only be granted to highly trusted code. It is defined by the SecurityPermission type with its Flags property set to SecurityPermissionFlag.UnmanagedCode.

The following guidelines for calling unmanaged code build upon those introduced in Chapter 7.

  • Use naming conventions to indicate risk.

  • Request the unmanaged code permission.

  • Sandbox unmanaged API calls.

  • Use SuppressUnmanagedCodeSecurityAttribute with caution.
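
The following C# sketch is an added example, not code from the book. It shows the unmanaged code permission requested declaratively at assembly level and checked imperatively before a Win32 call. It assumes .NET Framework code access security; the `TickCounter` wrapper type is hypothetical.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;

// Declarative request for the unmanaged code permission. Under .NET Framework
// 1.x-3.5 policy the assembly does not load unless the permission is granted;
// in .NET Framework 4 and later this action is marked obsolete and is not
// enforced by default.
[assembly: SecurityPermission(SecurityAction.RequestMinimum, UnmanagedCode = true)]

// Hypothetical wrapper: the P/Invoke declaration stays private, so callers
// reach the Win32 API only through the checked method below.
public static class TickCounter
{
    [DllImport("kernel32.dll")]
    private static extern uint GetTickCount();

    public static uint Read()
    {
        // The same permission built imperatively: a SecurityPermission whose
        // Flags property is SecurityPermissionFlag.UnmanagedCode.
        var permission = new SecurityPermission(SecurityPermissionFlag.UnmanagedCode);

        // Demand walks the call stack. If any caller lacks the permission,
        // a SecurityException is thrown before native code runs. The interop
        // layer issues the same demand on the P/Invoke call itself; making it
        // explicit here fails early and documents the requirement.
        permission.Demand();

        return GetTickCount();
    }
}

public static class Program
{
    public static void Main()
    {
        try
        {
            Console.WriteLine("Tick count: {0}", TickCounter.Read());
        }
        catch (SecurityException ex)
        {
            // Partially trusted callers end up here instead of in native code.
            Console.WriteLine("Unmanaged code permission not granted: {0}", ex.Message);
        }
    }
}
```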

Use Naming Conventions to Indicate Risk

Categorize your unmanaged code and prefix the types used to encapsulate the unmanaged APIs by using the following naming convention.

  • Safe. This identifies code that poses no possible security ...
