All the latest UK technology news, reviews and analysis
|
|
|
28 Nov 2001
An independent security review of Microsoft's .Net framework has called the project "a robust platform for enterprise and web application security".
Although Microsoft has often come under fire from the security industry in the past, joint research from security firms Foundstone and Core Security Technologies has found that the ".Net framework team has addressed security with the utmost priority".
Further reading
But some members of the internet community have slammed the results, based on the fact that Microsoft commissioned the research in the first place.
Joel Scambray, managing director of Foundstone, and technical lead for the review, said: "Based on our own analysis and extended interactions with the .Net framework architects at Microsoft, we believe it to be a great emerging platform for enterprise and web applications, from a security perspective.
"We feel that application security will improve as the migration towards the .Net framework continues."
According to the report, the .Net framework provides novel approaches to securing both client and server machines. The researchers go some way to explaining Microsoft's use of role-based security, code access security, verification processes, cryptography, isolated storage, and application domains in the .Net infrastructure.
However, the security experts warned that .Net's safeguards do not eliminate the need to design applications with security in mind.
"As with any application development environment, when implementing code that involves custom permission objects, authorisation mechanisms, or any security-relevant functionality, the developer must be familiar with the .Net framework's security architecture in order to ensure that the design principles are enforced," the report said.
Also, the networks and systems on which .Net applications run are still potentially vulnerable and must be secured according to best practices. "No managed code paradigm can account for sloppy system administration," said the researchers.
The full report can be found here.
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
IT Support Analyst - Active Directory, Windows 7, MS...
Helpdesk / Desktop Support Analyst (Windows 7, MAC, Windows...
Infrastructure / Server Support Analyst - 3rd Line, Windows...
Credit Risk Modeller, SAS, London, £50,000 Title- Credit...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?