This page lists the guidance items that were updated on each day.
2006 June 28
* Guideline: Do Not Allow Developers to Change Their Trust Level
* Guideline: Use Code Access Security to Isolate Applications
* Guideline: Choose a Trust Level That Does Not Exceed the Application's Requirements
* Guideline: Create a Custom Trust Policy if Your Application Needs Additional Permissions
2006 June 23
* Guideline: Consider Identity Flow
* Guideline: Log Key Events
* Guideline: Audit and Log Across Application Tiers
2006 June 19
* CodeSample: Validate User Input with Regular Expressions
2006 June 14
* Guideline: Choose a Trust level that does not exceed application requirements
* Guideline: Create a Custom Trust Policy if the Application Needs Additional Permissions
* TestCase: How to Test for Buffer Overflow Vulnerabilities
* TestCase: How to Test for Format String Vulnerabilities
* TestCase: How to Test for SQL Injection Vulnerabilities
2006 June 13
* Guideline: Do Not Propagate Exceptions While Impersonating
* Guideline: Restrict Access to Session State Data
* Guideline: Use Application State to Share Static, Read-Only Data.
* Guideline: Use Static Properties Instead of the Application Object to Store Application.
2006 June 12
* Guideline: Determine the Data to be Cached
* Guideline: Trim Your Page Size
* Checklist: Query Strings With Server Secrets are Hashed
2006 June 07
* Checklist: Security Decisions are Not Made Based on Client Parameters
* Checklist: Page ViewStateUserKey is Used to Counter One-click Attacks
* Checklist: View State is Encrypted if it Does Contain Sensitive Data
* Checklist: Structured Exception Handling is Used
* Checklist: Set Mode Attribute in CustomErrors to On
* Checklist: Query Strings Do Not Contain Server Secrets
* Checklist: Query Strings With Server Secrets are Hashed
* Checklist: Generic Error Pages With Harmless Messages are Returned to the Client
* Checklist: Exception Details are Logged on the Server
* Checklist: Application Logs to a Separate Protected Server
* Checklist: Application is Instrumented for User Management Events
* Checklist: Access to Significant Business Logic is Instrumented
* Checklist: Access to Audit and Log Files is Restricted