Conclusion

As you've seen in this chapter, Visual Basic .NET implements its security infrastructure via the key components in the .NET Framework model. However, it doesn't eliminate the need for careful design and development of an application with due attention to security. When you use Visual Basic .NET to implement custom permission objects, authorization mechanisms, or any security relevant functionality, you must be familiar with the .NET Framework's architecture. Good practices in security deployment and administration ”strong account management policies, patch management, lockdown operation, and so forth ”are still important. The most secure applications will take advantage of the best of security in Windows and .NET because they offer different perspectives. Using the STRIDE model to develop application threat models can give you further guidance about which platform to use in which situations.

A frequently heard phrase among Microsoft security developers is "security job = job security." Given that applications have evolved from simple, static data-manipulation channels into complex, dynamic, translation-oriented pillars of commerce, this statement is probably not too far from the truth.