This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Past Research on ASP.NET CAS (Code Access Security)
From OWASP
This historical page is now part of the OWASP archive.
This page contains content that is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were once valid but may now link to sites or pages that no longer exist.
Please use the newer Edition(s) like Category:OWASP_.NET_Project
This page contains content that is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were once valid but may now link to sites or pages that no longer exist.
Please use the newer Edition(s) like Category:OWASP_.NET_Project
Dinis Cruz (amongst a few others) have been an strong defender of the need for Microsoft to focus on making CAS (Code Access Security) work.
The consolidation of this research can be seen in this presentation: Making the case for Sandbox v1.1 - Dinis Cruz - SD Conference.ppt
See this blog post for more details and links to related material.