Security is best tackled in a holistic manner, by considering not just the application, but also the host and network environment where it is deployed. There's no use spending time encrypting your database connection strings if the administrator password is easy to guess!
One approach to implementing effective security is to consider the possible risks and threats to your application. Called threat modeling, this technique involves identifying threats, vulnerabilities, and, most importantly, countermeasures for your specific application scenario.
When it comes to security threat modeling, it's a good idea to approach the world with a healthy dose of paranoia. As Kurt Cobain said, "Just because you're paranoid doesn't mean they aren't after you."
Table 27-1 categorizes the areas that should be considered as part of a threat modeling exercise.
By systematically identifying the security risks and putting in place appropriate countermeasures, we can begin to gain a level of trust that our applications and data can only be used in the manner that we intended.
The foundation of security is really all about trust and determining the scope and boundaries of our trust. For an application developer, this largely involves deciding to what degree you trust your users and external systems with which you interact, and what level of protection you need to put in place to guard against malicious users. You should ask questions such as, "Do I need to check the data that has been entered on this form, or can I simply assume that it is valid?"
However, as a system administrator or end user, you need to determine to what degree you trust that the applications you execute do not perform malicious actions. This is a fairly black-and-white decision when it comes to most non-.NET applications. If you don't fully trust an application, then you shouldn't execute it, because there is no way to limit the actions it performs. Even if you do trust that an application has good intentions, how sure are you that it does not contain a defect that causes it to inadvertently delete all of your personal files?
Built into the foundation of the .NET Framework is a policy-based security system called code access security, which can address these concerns by limiting the scope of actions that an application can perform. Because this is such an important part of security in the .NET Framework, it is discussed in detail in the following section.