Free guidelines and tools for secure .NET applications
Microsoft is making new guidelines and tools available to developers to aid development of secure applications on the .NET framework. Together with .NET software specialists newtelligence, Microsoft has developed project templates and wizards for everyday use and supplemented these with guidelines. The project was assisted by the German Federal Office for Information Security.
The focus is on correct use of Code Access Security (CAS), the security system for the .NET runtime environment. CAS is a model which can be used to define which sections of code have access to which resources and which operations they can perform with them. This should make attacks more difficult. The .NET application framework is available for Windows Vista, Windows XP and Windows Server 2003
The "CAS Tools & Best Practices" guidelines and tools can be downloaded from MSDN. An introduction explains the concept of Code Access Security and what privileges are available in the .NET framework 2.0. Use of CAS is demonstrated using various application scenarios. The CAS tools are a collection of project templates for Visual Studio 2005.
- MSDN CAS Tools & Best Practices, German project page from Microsoft; includes English language download links