.Net Full Trust

From OWASP

This page contains links to Dinis' research on the problems of .Net's Full Trust.

Note: this section is under construction, there are still quite a number of resources that need to be added.

Articles and Posts trying to raise attention to this issue

• An 'Asp.Net' accident waiting to happen
• Microsoft must deliver secure environments not tools to write secure code
• Full Trust Asp.Net Security Vulnerabilties, and Microsoft's current position
• Current Microsoft Info about CAS and Full Trust
• What are the 'Real World' security advantages of the .Net Framework and the JVM?

Other (misc)

• Microsoft's 'Full Trust ASP.NET in IIS 6.0 is Insecure by Design, by Default and in Deployment' Internal White Paper
• Secure by de...what? (User instances in SQL Server 2005 Express Edition)
• The .Net Framework is also affected by the WMF vulnerabilty
• Mono vs Medium Trust
• 'Is .NET A Wrapper Around Win32?' and 'Analysis of .NET Use in Longhorn and Vista'

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.