Any coding security issues specific to C#?

Tags: c#, .net, security

In the C++ world there is a variety of ways to make an exploitable vulnerability: buffer overflow, unsafe string handling, various arithmetic tricks, printf issues, strings not ending with '\0' and many more. Although most of these problems were solved in Java, there are some things to talk about. But is there any list of typical C#-specific coding vulnerabilities? (and not related to the .NET platform itself)

733 votes
asked Mar 03 '10 18:03 by Secure


2 Answers

Here are a few issues you can run into:

  1. If you've got any sort of language interpreter (HTML, JavaScript, and SQL being the big three) then you can still have injection or XSS vulnerabilities.
  2. P/Invoke can cause problems, especially if you're doing any custom marshalling. Even if you're calling a "safe" API through P/Invoke, your marshalling code could contain a bug that corrupts or exposes memory.
  3. If you're doing file access then you need to make sure your files are always in acceptable directories. Be sure to sanitize against bad absolute and relative paths.
  4. Cryptography. Good cryptographic programming is really hard, and .Net's various safety features do nothing against crypto attacks.
121 votes
answered Sep 27 '22 23:09 by Kennet Belenky
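For point 3 above, here is an added example (not code from the answer) of confining a user-supplied relative path to a base directory in C#. The `uploads` directory name and the sample file names are assumed for illustration.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;

public static class SafePath
{
    // Resolves a user-supplied relative path against baseDir and returns the
    // canonical full path only if it stays inside baseDir; otherwise null.
    public static string Resolve(string baseDir, string requested)
    {
        if (string.IsNullOrEmpty(requested))
            return null;

        // Reject rooted input ("C:\x", "\x", "/etc/passwd") before combining:
        // Path.Combine silently discards baseDir when its second argument is rooted.
        if (Path.IsPathRooted(requested))
            return null;

        // Canonicalise the base and make sure it ends with a separator, so the
        // prefix check below cannot accept "C:\data2\secret" as being under "C:\data".
        string fullBase = Path.GetFullPath(baseDir);
        if (!fullBase.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            fullBase += Path.DirectorySeparatorChar;

        // GetFullPath collapses "." and ".." segments and normalises separators,
        // so "docs\..\..\web.config" is turned into the real location it points at.
        string fullPath = Path.GetFullPath(Path.Combine(fullBase, requested));

        // Windows file names are case-insensitive; most other platforms are not.
        // Using ignore-case on a case-sensitive file system would wrongly accept
        // "/Data/x" as lying under "/data/".
        StringComparison cmp = RuntimeInformation.IsOSPlatform(OSPlatform.Windows)
            ? StringComparison.OrdinalIgnoreCase
            : StringComparison.Ordinal;

        return fullPath.StartsWith(fullBase, cmp) ? fullPath : null;
    }

    public static void Main()
    {
        // Constructed sample: an assumed "uploads" directory under the temp path.
        string baseDir = Path.Combine(Path.GetTempPath(), "uploads");

        Console.WriteLine(Resolve(baseDir, "report.txt"));                       // accepted
        Console.WriteLine(Resolve(baseDir, Path.Combine("..", "web.config")));   // rejected (null)
        Console.WriteLine(Resolve(baseDir, @"C:\Windows\win.ini"));              // rejected (null)
    }
}
```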


C# is based on .NET and .NET is supposed to be type-safe, which means none of your list of horrors applies to C# or any .NET language.

But then again, C# has an unsafe keyword and after that all bets are off.
It allows real pointers and everything that comes with them.

34 votes
answered Sep 27 '22 21:09 by Henk Holterman