David Boschmans' Weblog : Performing a Security Code Review for NET 2.0

posted on Thursday, October 13, 2005 3:41 PM by davidboschmans

Performing a Security Code Review for NET 2.0

The Microsoft Security Guidance Team has published an article on how to perform a security code review for managed code and more specific for the .NET Framework 2.0.

In 4 steps the activities and techniques for analyzing your results will be covered.

Step 1. Identify Security Code Review Objectives
Step 2. Perform a Preliminary Scan
Step 3. Review Code for Security Issues
Step 4. Review for Security Issues Unique to the Architecture

This way a security code review is an effective mechanism for uncovering security issues before testing or deployment begins. Use this activity to review managed code built with the .NET Framework 2.0. Check also the companion question lists to determine if your application is susceptible to the listed security issues. The companion Question Lists are:

Security Question List: ASP.NET 2.0
Security Question List: Managed Code (.NET Framework 2.0)

For the ones still using the .NET Framework 1.1, check chapter 21 Code Review on Threats and Countermeasures that is part of the Patterns & Practices guidance.

David Boschmans' Weblog

Archives

Navigation

Post Categories

Events

About Me

Belgian Blogroll

MS Belux Bloggers

Performing a Security Code Review for NET 2.0

Comments