Software Security notes

XML Entity Expansion

Create a foo.txt file in your C: directory and parse the following XML with a parser that processes the DTD and resolves external entities (modern .NET XmlReader instances prohibit DTDs by default, so this has to be switched on). Both the contents of foo.txt and the string "hello  world" end up inside <statement>. Two distinct problems are on show: the fooFromFile SYSTEM entity makes the parser read an arbitrary local file (XML External Entity injection, XXE), and the attack entity is built out of other entities (entity expansion), which turns into a denial of service once the nesting is a few levels deep and each level references the previous one many times.

<?xml version="1.0"?>
<!DOCTYPE statement [
  <!ENTITY fooFromFile SYSTEM "c:\foo.txt">

  <!ENTITY first "hello">
  <!ENTITY second " world">
  <!ENTITY attack "&first; &second;">
]>
<statement>&fooFromFile; &attack;</statement>
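The following is an added C# example, not code from the original notes. It parses the document above under three XmlReaderSettings configurations so the difference between rejecting the DTD, allowing it without a resolver and with an expansion cap, and fully resolving entities is visible. It also goes beyond the notes with a constructed nested-entity document to show what MaxCharactersFromEntities protects against. The file path c:\foo.txt and the entity names are taken from the notes; the nested document and the 1024-character cap are assumptions chosen for the demonstration.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example (not from the original notes): the same document parsed with
// DTDs prohibited, with DTDs allowed but capped, and with external entities resolved.
static class EntityExpansionDemo
{
    // The document from the notes, constructed inline. The SYSTEM entity is
    // written as a file URI; c:\foo.txt is the file the notes assume exists.
    const string Doc =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE statement [\n" +
        "  <!ENTITY fooFromFile SYSTEM \"file:///c:/foo.txt\">\n" +
        "  <!ENTITY first \"hello\">\n" +
        "  <!ENTITY second \" world\">\n" +
        "  <!ENTITY attack \"&first; &second;\">\n" +
        "]>\n" +
        "<statement>&fooFromFile; &attack;</statement>";

    // Constructed nested-expansion document (assumption, not from the notes):
    // four levels, each referencing the previous entity ten times, so &lol4;
    // expands to 10^4 copies of "lol" (30,000 characters). Real attacks use
    // more levels and exhaust memory.
    const string NestedDoc =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE statement [\n" +
        "  <!ENTITY lol \"lol\">\n" +
        "  <!ENTITY lol1 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">\n" +
        "  <!ENTITY lol2 \"&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;\">\n" +
        "  <!ENTITY lol3 \"&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\">\n" +
        "  <!ENTITY lol4 \"&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;\">\n" +
        "]>\n" +
        "<statement>&lol4;</statement>";

    // Returns the text content of <statement>, or the parser's error message.
    static string Parse(string xml, XmlReaderSettings settings)
    {
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), settings))
            {
                reader.ReadToFollowing("statement");
                return reader.ReadElementContentAsString();
            }
        }
        catch (XmlException e)
        {
            return "XmlException: " + e.Message;
        }
    }

    static void Main()
    {
        // 1. Hardened: DTDs are prohibited (the XmlReaderSettings default since
        //    .NET 4.0), so the reader fails at <!DOCTYPE before any entity exists.
        var prohibit = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };
        Console.WriteLine("Prohibit: " + Parse(Doc, prohibit));

        // 2. DTD allowed, but no resolver and a cap on expanded characters: the
        //    reader has no way to fetch c:\foo.txt, and expansion beyond
        //    MaxCharactersFromEntities raises XmlException instead of eating memory.
        var limited = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Parse,
            XmlResolver = null,
            MaxCharactersFromEntities = 1024
        };
        Console.WriteLine("Limited:  " + Parse(Doc, limited));
        Console.WriteLine("Nested:   " + Parse(NestedDoc, limited));

        // 3. Vulnerable: DTD parsed and an XmlUrlResolver attached, so the
        //    contents of c:\foo.txt are pulled straight into the output.
        var resolving = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Parse,
            XmlResolver = new XmlUrlResolver()
        };
        Console.WriteLine("Resolved: " + Parse(Doc, resolving));
    }
}
```

Only the third configuration reproduces what the notes describe. If a feed genuinely needs a DTD, the second configuration (DtdProcessing.Parse with XmlResolver set to null and a MaxCharactersFromEntities limit) is the one to ship; otherwise leave DtdProcessing at Prohibit.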

Big Integer Arithmetic

Are you doing arithmetic on large integer values in C#, especially values an attacker can influence (lengths, counts, offsets)?
The fixed-width integral types (int, long and friends) wrap around silently on overflow in the default unchecked context, so a product like count * elementSize can come out small or negative and turn into an undersized allocation or a bypassed bounds check. Wrap such computations in checked blocks (or checked(...) expressions) so an overflow throws OverflowException instead of producing a wrong result; use unchecked only where wraparound is intended, such as hash mixing. System.Numerics.BigInteger has no fixed width and cannot overflow, so checked and unchecked do not apply to it.

MSDN has a good explanation of these blocks: MSDN Checked – Unchecked blocks
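The following is an added C# example, not code from the original notes or from MSDN. It shows the same buffer-size calculation in an unchecked context, where it wraps to 0, and in a checked context, where it throws, and contrasts both with BigInteger. The function names, the element size of 16 and the count of 0x10000000 are assumptions chosen so that the product is exactly 2^32.

```csharp
using System;
using System.Numerics;

// Added example (not from the original notes): overflow on an attacker-influenced
// length calculation, unchecked versus checked.
static class OverflowDemo
{
    // Unchecked is the C# default: int arithmetic silently wraps modulo 2^32.
    static int BufferSizeUnchecked(int count, int elementSize)
    {
        return unchecked(count * elementSize);
    }

    // Checked: the same expression throws OverflowException instead of wrapping.
    static int BufferSizeChecked(int count, int elementSize)
    {
        return checked(count * elementSize);
    }

    static void Main()
    {
        // Constructed input (assumption): count * 16 is exactly 2^32, one past int range.
        int count = 0x10000000;   // 268,435,456
        int elementSize = 16;

        // The true product 4,294,967,296 wraps to 0, so new byte[wrapped]
        // would allocate nothing while the caller believes it has 4 GiB.
        int wrapped = BufferSizeUnchecked(count, elementSize);
        Console.WriteLine($"unchecked: {count} * {elementSize} = {wrapped}");

        try
        {
            int size = BufferSizeChecked(count, elementSize);
            Console.WriteLine($"checked: {size}");
        }
        catch (OverflowException e)
        {
            Console.WriteLine("checked: " + e.Message);
        }

        // Block form: every integral operation inside the braces is checked,
        // including the ones hidden in += and ++.
        try
        {
            checked
            {
                int total = int.MaxValue;
                total += elementSize;
                Console.WriteLine(total);   // never reached
            }
        }
        catch (OverflowException)
        {
            Console.WriteLine("checked block: int.MaxValue + 16 overflowed");
        }

        // BigInteger has no fixed width, so the product is exact and there is
        // nothing for checked/unchecked to do.
        BigInteger exact = (BigInteger)count * elementSize;
        Console.WriteLine($"BigInteger: {exact}");   // 4294967296
    }
}
```

The checked keyword only covers the operations lexically inside it, not calls made from there. To make checked the default for a whole project, enable the compiler's overflow checking (the /checked option, or CheckForOverflowUnderflow in the project file) and mark the hot paths that rely on wraparound as unchecked explicitly.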