Hacking the Code ASP.NET Web Application Security [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Hacking the Code ASP.NET Web Application Security [Electronic resources] - نسخه متنی

James C. Foster, Mark M. Burnett

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Table of Contents

BackCover

Hacking the Code - ASP.NET Web Application Security

Chapter 1: Managing Users

Establishing User Credentials

Managing Passwords

Resetting Lost or Forgotten Passwords

Empowering Users

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 2: Authenticating and Authorizing Users

Authenticating Users

Authorizing Users

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 3: Managing Sessions

Maintaining State

Using ASP.NET Tokens

Enhancing ASP.NET State Management

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 4: Encrypting Private Data

Using Cryptography in ASP.NET

Working with .NET Encryption Features

Protecting Communications with SSL

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 5: Filtering User Input

Handling Malicious Input

Constraining Input

Limiting Exposure to Malicious Input

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 6: Accessing Data

Securing Databases

Writing Secure Data Access Code

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 7: Developing Secure ASP.NET Applications

Writing Secure HTML

Handling Exceptions

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 8: Securing XML

Applying XML Encryption

Applying XML Digital Signatures

Coding Standards Fast Track

Coding Audit Fast Track

Frequently Asked Questions

Appendix A: Understanding .NET Security

Code Access Security

Role-Based Security

Security Policies

Cryptography

Security Tools

Summary

Security Fast Track

Frequently Asked Questions

Appendix B: Glossary of Web Application Security Threats

Index

Index_A

Index_B

Index_C

Index_D

Index_E

Index_F

Index_G

Index_H

Index_I

Index_J

Index_K

Index_L

Index_M

Index_N

Index_O

Index_P

Index_Q

Index_R

Index_S

Index_T

Index_U

Index_V

Index_W

Index_X

Index_Z

List of Figures

List of Tables

List of Sidebars
توضیحات
افزودن یادداشت جدید






Coding Standards Fast Track



Maintaining State


Designing a Secure Token




Where possible, use extra measures to bind the token to the client session.



Always transmit authentication credentials using SSL or IPSec.



Always use a sufficiently large keyspace (at least 120 bits) for session tokens.



Always use a strong random-number generator for session tokens.



Never accept new tokens submitted by a client.



Never include visible plaintext user identifiers in the token.



Always limit the token’s scope to the current application.



Use both relative and absolute timeouts for tokens.



Take measures to prevent the client from storing the session token after the session ends.



Allow users to manually terminate a session.



Always issue a new token with each session login.



Selecting a Token Mechanism




Avoid using URL-based token mechanisms.



Use cookie-based tokens whenever possible.



Use HttpOnly tokens with Internet Explorer clients.



Use SSL whenever possible to protect session tokens.



Using State Providers




Disable the ASP.NET State Service if you are not using it.



Use aspnet_setreg.exe to encrypt the state connection string.



Avoid using cookieless tokens.



Set short cookie timeouts as appropriate for your application.




Using ASP.NET Tokens


Using Cookies




Always set a specific domain and path on all cookies.



Always check the domain and path on incoming cookies to block cookies with the incorrect scope.



Do not set an expiration on cookies to have them expire when the browser closes.



If using persistent cookies, use a short expiration date.



If using SSL, mark cookies as secure to prevent transmitting them over non-SSL connections.



Never store sensitive information in a cookie, and always encrypt what you do store.



Working with View State




Disable View State on all pages where you do not specifically use it.



Wherever you enable View State, also enable the View State MAC.



Set the validation attribute of the machineKey element in machine.config to 3DES.



Set a unique View State user key for each user.




Enhancing ASP.NET State Management


Creating Tokens




Always use a strong random-number generator for session tokens.



Use a MAC based on a random number to ensure the authenticity of the session token.



Use the IsolateApps settings to ensure unique keys between applications.



Use client variables to tightly bind to the client session.



Terminating Sessions




Use absolute timeouts in addition to idle timeouts to enforce a maximum token age.



Use hit counters to limit the use of any one token.



/ 96