Hacking the Code ASP.NET Web Application Security [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Hacking the Code ASP.NET Web Application Security [Electronic resources] - نسخه متنی

James C. Foster, Mark M. Burnett

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Table of Contents

BackCover

Hacking the Code - ASP.NET Web Application Security

Chapter 1: Managing Users

Establishing User Credentials

Managing Passwords

Resetting Lost or Forgotten Passwords

Empowering Users

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 2: Authenticating and Authorizing Users

Authenticating Users

Authorizing Users

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 3: Managing Sessions

Maintaining State

Using ASP.NET Tokens

Enhancing ASP.NET State Management

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 4: Encrypting Private Data

Using Cryptography in ASP.NET

Working with .NET Encryption Features

Protecting Communications with SSL

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 5: Filtering User Input

Handling Malicious Input

Constraining Input

Limiting Exposure to Malicious Input

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 6: Accessing Data

Securing Databases

Writing Secure Data Access Code

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 7: Developing Secure ASP.NET Applications

Writing Secure HTML

Handling Exceptions

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 8: Securing XML

Applying XML Encryption

Applying XML Digital Signatures

Coding Standards Fast Track

Coding Audit Fast Track

Frequently Asked Questions

Appendix A: Understanding .NET Security

Code Access Security

Role-Based Security

Security Policies

Cryptography

Security Tools

Summary

Security Fast Track

Frequently Asked Questions

Appendix B: Glossary of Web Application Security Threats

Index

Index_A

Index_B

Index_C

Index_D

Index_E

Index_F

Index_G

Index_H

Index_I

Index_J

Index_K

Index_L

Index_M

Index_N

Index_O

Index_P

Index_Q

Index_R

Index_S

Index_T

Index_U

Index_V

Index_W

Index_X

Index_Z

List of Figures

List of Tables

List of Sidebars
توضیحات
افزودن یادداشت جدید







Code Audit Fast Track



Authenticating Users



Building Login Forms





Does the login form transmit data across a secure connection?





Does the login form use the HTTP POST method instead of GET?





Does the application validate the login form input?





Does the form reveal sensitive information through hidden form fields?





Do error messages reveal too much information?





Using Forms Authentication





Does the web.config file contain user credentials when other alternatives would be more secure?





Does the web.config file contain cleartext user credentials?





Does the web.config file use the most secure settings for cookies?





Using Windows Authentication





If you’re using basic authentication, is the traffic encrypted with SSL?





Does the site design allow credentials to be sent when moving from an SSL page to an unencrypted page?





Can an attacker launch brute-force attacks against privileged accounts?





Can an attacker relay brute-force attacks from the Web server to other systems?





Using Passport Authentication





Is Passport authentication sufficient given the nature of the Web site?





Blocking Brute-Force Attacks





Does the site enforce account lockout? What risks are involved with this policy?





Does the site have any features to slow brute-force attacks?





Does the site have any features to fool automated brute-force tools?





Does the site have any features to stop automated attacks, such as asking for a secret question or using a CAPTCHA?





Does the application provide advanced user settings to restrict access to an account?





Does the application have any way to limit or suspend an account suspected of abuse?






Authorizing Users



Deciding How to Authorize





Does the system have a solid roles-based security framework?





Does the system use multiple layers of authentication?







Employing File Authorization





Does the system define the minimum NTFS file permissions required to run the application?





Does the system use file authorization to implement both resource-based and role-based security?





Applying URL Authorization





Does the authorization section of the web.config for protected content start by denying unauthenticated users?





Does the authorization section end with a default rule allowing all or denying all users?





Are all allow verb elements followed with deny verb elements?





Does the application use HttpForbiddenHandler or HttpNotFoundHandler to block everyone’s access to certain files?





Authorizing Users Through Code





Does the application use declarative, imperative, and explicit role checks to provide multiple layers of authorization?





/ 96