Pen-tester's analysis of .NET security?

From: Lachniet, Mark (mlachniet_at_sequoianet.com)
Date: 03/24/04

  • Next message: Doty, Stephen (BearingPoint): "Oracle DB Audity" 
    Date: Wed, 24 Mar 2004 14:47:44 -0500
To: <pen-test@securityfocus.com>

    Is anyone aware of a whitepaper or analysis of the security features
    (and weaknesses?) of Microsoft's .NET platform for web applications? A
    number of interesting features, such as input validation and session
    tracking, are built into .NET, and I'd be interested to hear if anyone
    has kicked it around much.

    Please note, I am *not* interested in references to Microsoft
    documentation, developer web sites, or conventional information sources,
    but rather information from the viewpoint of a pen-tester doing web
    application security analysis work.

    Thank you in advance,

    Mark Lachniet

    ---------------------------------------------------------------------------
    You're a pen tester, but is google.com still your R&D team?
    Now you can get trustworthy commercial-grade exploits and the latest
    techniques from a world-class research group.
    www.coresecurity.com/promos/sf_ept1
    ----------------------------------------------------------------------------

  • Next message: Doty, Stephen (BearingPoint): "Oracle DB Audity"