Home > Question About > Question About Microsoft .net Framework 2.0

Question About Microsoft .net Framework 2.0

Pay close attention to your data access code. Table 8: Sensitive Data Vulnerabilities and Implications VulnerabilityImplications Storing secrets when you do not need toThis drastically increases the security risk. plzzzzz let me know and king send the some more related questions.... An application domain (often AppDomain) is a virtual process that serves to isolate an application. check my blog

Delay signing is generally regarded as a good practice because it helps protect the confidentiality of the private key that will be used for signing the component. I've written an assembly that I want to use in more than one application. This means that an attacker could include format string % directives in the string, and force the application to return or modify arbitrary memory in the stack. Does the code use the correct algorithm and an adequate key size?

If the type is to be used from COM, you may be restricted to using those features that are COM accessible. Otherwise, you don't have to accept them. The .NET Framework ships with a Windows shell extension for viewing the assembly cache. You get an error message that Microsoft .NET Framework needs to be installed.

  1. obviously :) provide required amount of knowledge Comment posted by Mukesh Chandwani on Thursday, August 16, 2007 7:23 AM Excellent work Comment posted by champ_Vicks on Tuesday, August 21, 2007 7:21
  2. Truth Behind Hidden Secret "God Mode" (aka Master Control Panel) Found in Windows 7 and Later How to Apply and Safely Use Custom User Interface (Shell or Explorer) in Windows?
  3. MSIL includes instructions for loading, storing, initializing, and calling methods on objects, as well as instructions for arithmetic and logical operations, control flow, direct memory access, exception handling, and other operations.
  4. What is JIT?
  5. Cryptographic algorithms are mathematically proven, and those that have received more review are generally more effective.
  6. Comment posted by karthik on Friday, July 27, 2012 6:28 AM Best site to learn.

What are the optimization techniques used. I am helpless. Be sure that catch blocks are used to handle exceptions and that finally blocks are used to ensure that the impersonation is reverted. You should flag this as a potentially dangerous practice. [DllImport("Crypt32.dll", SetLastError=true, CharSet=System.Runtime.InteropServices.CharSet.Auto)] [SuppressUnmanagedCodeSecurity] private static extern bool CryptProtectData( ref DATA_BLOB pDataIn, String szDataDescr, ref DATA_BLOB pOptionalEntropy, IntPtr pvReserved, ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct,

Security Question List: Managed Code (.NET Framework 2.0)   Retired Content This content is outdated and is no longer being maintained. What is CTS? Does the code use link demands or assert calls? Table 6 shows possible vulnerabilities that can result from poor or missing exception management and the implications of these vulnerabilities.

While the difference in errors can be subtle, the result will give attackers information that they can use to compromise the application. Make sure that the code does not rely on another layer or tier for data truncation. When len is large enough (about 1.4 billion), len * 3 overflows and newLen is assigned a value that is too small. Home Bookstore/E-Books P2P Programmer Forums Wrox Blogs Connect with Wrox Code Resources International IT Certifications Navigation Register Now View Active Topics View Archives View Unanswered Topics Wrox Programmer Forums

Table 10 shows possible vulnerabilities that can be introduced in unsafe code. What is the .NET Framework? Since files named by UNC or by a mapped drive (such as with the NET USE command) are being sent over this local network, they too are in the local intranet Array indexing errors, such as buffer overruns, can lead to memory being overwritten at arbitrary locations.

Close Menu .NET Framework - .NET Interview Questions and Answers Why ".NET - .NET Framework" Interview Questions? click site For information on using DPAPI, see "How To: Create a DPAPI Library" in the "How To" section of Microsoft patterns & practices Volume I, Building Secure ASP.NET Applications: Authentication, Authorization, and I tried several time to download but it fail to be downloaded correctly and as faster as I need. The code that runs within the common language runtime is called managed code.

Sensitive data should be stored and transmitted in encrypted form; anything less invites theft. i would like to say thanq for who has taughat for puttingthis information. Managed Extensions to C++ lets you choose where class objects are allocated. news Download Link for Microsoft .NET Framework 4.0 Download Link (Web Installer) (requires Internet connection at installation time) Full Standalone Offline Installer Above standalone installer supports x86, x64 and ia64 architectures but

The EncryptedXML class can be used to secure sensitive data, such as database connection strings, that must be stored on disk. Does the application prevent sensitive exception details from being returned to the client? Your code is vulnerable to SQL injection attacks if it uses input parameters to construct SQL statements.

Make sure that GCHandle.Alloc and GCHandleType.Pinned are used to keep the managed objects from being paged to disk.

Any COM component you have deployed today can be used from managed code, and in common cases the adaptation is totally automatic. What will it help me, a non-computer specialist, to do? URLs Alternate representation of an IP address, such as dotless IP, might result in a URL other than what you expected being loaded. Search for pages where user input information is sent back to the browser.

Buffer overruns are a vulnerability that may lead to execution of arbitrary code. Faize Hi, Thanks for sharing the farmeworks. While you review unmanaged or unsafe code, make sure that format string data never contains user input. http://channeltechnetwork.com/question-about/question-about-my-hjt-log.html Cross-site scripting occurs when an attacker manages to input script code into an application so that it is echoed back and executed in the security context of the application.

Do error messages give away too much information? In a professional capacity, he is the CEO of A2Z Knowledge Visuals Pvt Ltd, a digital group that represents premium web sites and digital publications comprising of Professional web, windows, mobile What is managed code and managed data? I may not be able to get expand the memory on this machine, so if I can get rid of any un-necessary programs, that would be great.

Microsoft Interview Questions : http://www.geekinterview.com/Intervi.../Microsoft-NET 97 questions in Microsoft.NET with 177 comments http://www.geekinterview.com/Intervi...ions/Microsoft 856 questions in Microsoft with 569 comments convers teh following subjects... The GetData function does not check the size of the array as it fills it. Comment posted by swati on Wednesday, May 4, 2011 7:32 AM nice one Comment posted by swatichoukhande on Wednesday, May 4, 2011 8:09 AM good Comment posted by ashok kumar on