Difference between revisions of ".Net Research Links"

From OWASP
Jump to: navigation, search
(Cool Articles (to normalize))
(Click Once - entry needs reformating)
(18 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
This page is a collection of links (most from my Dinis' owasp.net blog) which releate to .Net
 
This page is a collection of links (most from my Dinis' owasp.net blog) which releate to .Net
  
 +
 +
== Exploit Central  ==
 +
* http://www.milw0rm.com/
 +
* http://www.secwatch.org/ - Providing updated information on the latest security vulnerabilities.
 +
* http://www.packetstormsecurity.org/
 +
* http://elsenot.com/  - List Microsoft Security Bulletin List and exploits  (a bit out of date)
 +
* http://jav.ch/  - List Microsoft Security Bulletin List and exploits  (a bit out of date)
  
 
==  Clr stuff ==
 
==  Clr stuff ==
 +
* http://pinvoke.net - Detailed list of .NET's PInvoke definitions
 
* Very, Very interesting interview by Anders Hejlsberg (the lead C# architect) with Bruce Eckel and Bill Venners (There are 8 parts and this [http://www.artima.com/intv/choices.html CLR Design Choices] links to the 8th (which contains links to all of them))
 
* Very, Very interesting interview by Anders Hejlsberg (the lead C# architect) with Bruce Eckel and Bill Venners (There are 8 parts and this [http://www.artima.com/intv/choices.html CLR Design Choices] links to the 8th (which contains links to all of them))
 
* Yun Jin's [http://blogs.msdn.com/yunjin/archive/2004/02/21/77744.aspx Dangerous PInvokes] - string modification
 
* Yun Jin's [http://blogs.msdn.com/yunjin/archive/2004/02/21/77744.aspx Dangerous PInvokes] - string modification
Line 10: Line 18:
 
* [http://msdn2.microsoft.com/en-us/library/ms173253.aspx How to Migrate to clrpure] and [http://msdn2.microsoft.com/en-us/library/85344whh.aspx Pure and Verifiable Code]  This last one contains this note: ''“There is one coding scenario that will pass the compiler but that will result in an unverifiable assembly: calling a virtual function through an object instance using the scope resolution operator. For example: MyObj -> A::VirtualFunction();.”''
 
* [http://msdn2.microsoft.com/en-us/library/ms173253.aspx How to Migrate to clrpure] and [http://msdn2.microsoft.com/en-us/library/85344whh.aspx Pure and Verifiable Code]  This last one contains this note: ''“There is one coding scenario that will pass the compiler but that will result in an unverifiable assembly: calling a virtual function through an object instance using the scope resolution operator. For example: MyObj -> A::VirtualFunction();.”''
 
* David Notario's [http://blogs.msdn.com/davidnotario/archive/2006/01/13/512436.aspx Gotchas with Reverse Pinvoke (unmanaged to managed code callbacks)]
 
* David Notario's [http://blogs.msdn.com/davidnotario/archive/2006/01/13/512436.aspx Gotchas with Reverse Pinvoke (unmanaged to managed code callbacks)]
 +
* [http://msdn.microsoft.com/msdnmag/issues/05/05/JITCompiler/ Drill Into .NET Framework Internals to See How the CLR Creates Runtime Objects]
 +
* [http://msdn.microsoft.com/netframework/programming/clr/ The Common Language Runtime (CLR) (on MSDN)]
 +
[[Category:FIXME|this link not working]]
 +
* [http://msdn.microsoft.com/msdnmag/issues/06/05/BugBash/ Let The CLR Find Bugs For You With Managed Debugging Assistants]
 +
 +
== CAS ==
  
 +
* [http://msdn.microsoft.com/msdnmag/issues/02/09/SecurityinNET/ The Security Infrastructure of the CLR Provides Evidence, Policy, Permissions, and Enforcement Services]
  
 
== .Net 2.0 ==
 
== .Net 2.0 ==
Line 49: Line 64:
 
</li><li><p>Series of articles on <a href="http://www.artima.com/articles/index.jsp?topic=security">Artima
 
</li><li><p>Series of articles on <a href="http://www.artima.com/articles/index.jsp?topic=security">Artima
 
about Java JVM security</a></p>
 
about Java JVM security</a></p>
 +
[[Category:FIXME|link not working]]
 
</li><li><p>.Net Security Blog: <a href="http://blogs.msdn.com/shawnfa/archive/2006/01/18/514407.aspx">Isolated
 
</li><li><p>.Net Security Blog: <a href="http://blogs.msdn.com/shawnfa/archive/2006/01/18/514407.aspx">Isolated
 
Storage and ClickOnce</a>  and  <a href="http://blogs.msdn.com/shawnfa/archive/2006/01/20/514411.aspx">Detecting
 
Storage and ClickOnce</a>  and  <a href="http://blogs.msdn.com/shawnfa/archive/2006/01/20/514411.aspx">Detecting
 
that You're Running in a ClickOnce Application</a></p>
 
that You're Running in a ClickOnce Application</a></p>
</li></ul>
+
</li>
 +
<li> [[ClickOnce_Security]] - Microsoft ClickOnce Vulnerabilities and Remediation measures </li>
 +
</ul>
  
 
== WinDbg and SoS (Son of Strike) ==
 
== WinDbg and SoS (Son of Strike) ==
Line 83: Line 101:
 
.NET Framework Post</a></p>
 
.NET Framework Post</a></p>
 
</li><li><p>good document, demos and toolset:
 
</li><li><p>good document, demos and toolset:
<a href="http://msdn.microsoft.com/library/en-us/dnbda/html/DBGrm.asp?frame=true">Debugging
+
<a href="http://msdn.microsoft.com/library/en-us/dnbda/html/DBGrm.asp?frame=true">
 +
[[Category:FIXME|link not working]]
 +
Debugging
 
.NET Applications (Building Distributed Applications)</a></p>
 
.NET Applications (Building Distributed Applications)</a></p>
 
</li><li><p>Also related:</p>
 
</li><li><p>Also related:</p>
Line 96: Line 116:
 
to use ADPlus to troubleshoot hangs and crashes</a></p>
 
to use ADPlus to troubleshoot hangs and crashes</a></p>
 
</li><li><p><a href="http://msdn.microsoft.com/library/en-us/dnbda/html/dbgch02.asp?frame=true">Debugging
 
</li><li><p><a href="http://msdn.microsoft.com/library/en-us/dnbda/html/dbgch02.asp?frame=true">Debugging
Memory Problems (Building Distributed Applications)</a></p>
+
Memory Problems (Building Distributed Applications)</a></p>[[Category:FIXME|link not working]]
 
+
 
+
  
 
== IL (needs some cleaning on the links) ==
 
== IL (needs some cleaning on the links) ==
Line 126: Line 144:
  
 
* "Flexible Bytecode for Linking in .NET" (http://slurp.doc.ic.ac.uk/pubs/flexiblebytecodefordotnet-bytecode05.pdf)
 
* "Flexible Bytecode for Linking in .NET" (http://slurp.doc.ic.ac.uk/pubs/flexiblebytecodefordotnet-bytecode05.pdf)
* "Untrusted Code Security" (http://securitytf.cs.kuleuven.ac.be/teaching/UntrustedCodeSecurity.pdf)
+
* "Untrusted Code Security" (http://securitytf.cs.kuleuven.ac.be/teaching/UntrustedCodeSecurity.pdf)[[Category:FIXME|link not working]]
 
+
  
 
== Cool Articles (to normalize) ==
 
== Cool Articles (to normalize) ==
* [http://www.codeproject.com/csharp/LaunchProcess.asp Launching a process and displaying its standard output]
+
* [http://www.codeproject.com/csharp/LaunchProcess.asp Launching a process and displaying its standard output][[Category:FIXME|link not working]]
 
* [http://www.samspublishing.com/articles/article.asp?p=25922&seqNum=5&rl=1 Responding to COM Events in .NET Applications]
 
* [http://www.samspublishing.com/articles/article.asp?p=25922&seqNum=5&rl=1 Responding to COM Events in .NET Applications]
 +
* [http://msdn.microsoft.com/workshop/browser/hosting/wbcustomization.asp WebBrowser Customization] , [http://msdn.microsoft.com/workshop/browser/overview/Overview.asp About the Browser] [http://slingkid.blogsome.com/2006/05/26/blocking-images-similar-to-outlook/ Blocking images similar to Outlook in .NET 2.0] , [http://www.codeproject.com/csharp/ExtendedWebBrowser.asp Extended .NET 2.0 WebBrowser Control][[Category:FIXME|link not working]]
  
 
[[Category:OWASP .NET Project]]
 
[[Category:OWASP .NET Project]]

Revision as of 06:52, 29 August 2011

This page is a collection of links (most from my Dinis' owasp.net blog) which releate to .Net


Contents

Exploit Central

Clr stuff

CAS

.Net 2.0


Click Once - entry needs reformating

Out What's New with Code Access Security in the .NET Framework 2.0] and [http://msdn.microsoft.com/msdnmag/issues/05/11/CodeAccessSecurity/default.aspx?side=true" its side notes] (MSDN Magazine, November 2005)

</li>
  • <a href="http://www.devnewsgroups.net/group/microsoft.public.dotnet.framework.windowsforms/topic35308.aspx">ClickOnce and or No Touch Deployment example sites on Developer Newsgroups</a>

  • </ul>

    WinDbg and SoS (Son of Strike)

    SoS is the WinDbg extension for analysing Managed Applications