Security for Microsoft Visual Basic .NET
- Table of Contents
- BackCover
- Security for Microsoft Visual Basic .NET
- Introduction
- How to Use the Code Samples
- A Final Word
- Corrections, Comments, and Help
- Acknowledgments
- Part I: Development Techniques
- Chapter 1: Encryption
- Practice Files
- Hash Digests
- Private Key Encryption
- Public Key Encryption
- Hiding Unnecessary Information
- Encryption in the Real World
- Summary
- Chapter 2: Role-Based Authorization
- Role-Based Authorization Exercise
- Windows Integrated Security
- ASP.NET Authentication and Authorization
- Role-Based Authorization in the Real World
- Summary
- Chapter 3: Code-Access Security
- How Actions Are Considered Safe or Unsafe
- What Prevents Harmful Code from Executing?
- It s On By Default
- Security Features and the Visual Basic .NET Developer
- Code-Access Security vs. Application Role-Based Security
- Run Your Code in Different Security Zones
- Code-Access Security in the Real World
- Summary
- Chapter 4: ASP.NET Authentication
- Employee ManagementWeb Practice Files
- Forms Authentication
- Windows Integrated Security Authentication
- Passport Authentication
- ASP.NET Authentication in the Real World
- Summary
- Chapter 5: Securing Web Applications
- Secure Sockets Layer
- Securing Web Services
- Implementing an Audit Trail
- Securing Web Applications in the Real World
- Summary
- Part II: Ensuring Hack- Resistant Code
- Chapter 6: Application Attacks and How to Avoid Them
- Denial of Service Attacks
- File-Based or Directory-Based Attacks
- SQL-Injection Attacks
- Cross-Site Scripting Attacks
- Child-Application Attacks
- Guarding Against Attacks in the Real World
- Summary
- Chapter 7: Validating Input
- Working with Input Types and Validation Tools
- Summary
- Chapter 8: Handling Exceptions
- Where Exceptions Occur
- Exception Handling
- Global Exception Handlers
- Exception Handling in the Real World
- Summary
- Chapter 9: Testing for Attack- Resistant Code
- Plan of Attack - The Test Plan
- Attack - Execute the Plan
- Common Testing Mistakes
- Testing in the Real World
- Summary
- Part III: Deployment and Configuration
- Chapter 10: Securing Your Application for Deployment
- Deployment Techniques
- Code-Access Security and Deployment
- Certificates and Signing
- Deploying .NET Security Policy Updates
- Protecting Your Code - Obfuscation
- Deployment Checklist
- Deployment in the Real World
- Summary
- Chapter 11: Locking Down Windows, Internet Information Services, and .NET
- I m Already Protected. I m Using a Firewall.
- Fundamental Lockdown Principles
- Automated Tools
- Locking Down Windows Clients
- Locking Down Windows Servers
- Locking Down IIS
- Locking Down .NET
- Summary
- Chapter 12: Securing Databases
- Core Database Security Concepts
- SQL Server Authentication
- SQL Server Authorization
- Microsoft Access Authentication and Authorization
- Locking Down Microsoft Access
- Locking Down SQL Server
- Summary
- Part IV: Enterprise-Level Security
- Chapter 13: Ten Steps to Designing a Secure Enterprise System
- Design Challenges
- Step 1: Believe You Will Be Attacked
- Step 2: Design and Implement Security at the Beginning
- Step 3: Educate the Team
- Step 4: Design a Secure Architecture
- Step 5: Threat-Model the Vulnerabilities
- Step 6: Use Windows Security Features
- Step 7: Design for Simplicity and Usability
- Step 8: No Back Doors
- Step 9: Secure the Network with a Firewall
- Step 10: Design for Maintenance
- Summary
- Chapter 14: Threats - Analyze, Prevent, Detect, and Respond
- Analyze for Threats and Vulnerabilities
- Prevent Attacks by Mitigating Threats
- Detection
- Respond to an Attack
- Security Threats in the Real World
- Summary
- Chapter 15: Threat Analysis Exercise
- Analyze for Threats
- Respond to Threats
- Summary
- Chapter 16: Future Trends
- The Arms Race of Hacking
- What Happens Next?
- Responding to Security Threats
- Summary
- Appendix A: Guide to the Code Samples
- Employee Management System
- Employee Management Web
- Encryption Demo
- TogglePassport Environment utility
- Employee Database Structure
- Migrating the Employee Database to SQL Server 2000
- Appendix B: Contents of SecurityLibrary.vb
- Private Key Encryption
- DPAPI Encryption
- Public Key Encryption
- Logging Exceptions
- Role-Based Security
- Validating Input
- Index
- Index_A
- Index_B
- Index_C
- Index_D
- Index_E
- Index_F
- Index_G
- Index_H
- Index_I
- Index_J-K
- Index_L
- Index_M
- Index_N
- Index_O
- Index_P
- Index_Q-R
- Index_S
- Index_T
- Index_U
- Index_V
- Index_W
- Index_X
- Index_Z
- List of Figures
- List of Tables
- List of Sidebars