لطفا منتظر باشید ...
Hacking the Code—ASP.NET Web Application Security
Mark Burnett
James C. Foster Technical Editor
Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.
Syngress Media, Syngress, “Career Advancement Through Skill Enhancement,” “Ask the Author UPDATE,” and “Hack Proofing,” are registered trademarks of Syngress Publishing, Inc. “Syngress: The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
KEY | SERIAL NUMBER |
001 | HJIR64HGGH |
002 | PO9FGYG678 |
003 | 829KM82NQL |
004 | HRTCC45189 |
005 | CVQ23THBHN |
006 | VBP95LPRQQ |
007 | HJ3ELK7R4F |
008 | 2987MK224G |
009 | 629DJTKLK8 |
010 | IMWT6T774V |
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Hacking the Code: ASP.NET Web Application Security
Copyright 2004 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-932266-65-8
Technical Editor: James C. Foster
Page Layout and Art: Patricia Lupien
Cover Designer: Michael Kavish
Copy Editors: Darlene Bordwell and Joel Rosenthal
Indexer: Julie Kawabata
Distributed by O’Reilly & Associates in the United States and Canada.
Acknowledgments
We would like to acknowledge the following people for their kindness and support in making this book possible.
Syngress books are now distributed in the United States by O’Reilly & Associates, Inc. The enthusiasm and work ethic at ORA is incredible and we would like to thank everyone there for their time and efforts to bring Syngress books to market: Tim O’Reilly, Laura Baldwin, Mark Brokering, Mike Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol Matsutaro, Lynn Schwartz, Steve Hazelwood, Mark Wilson, Rick Brown, Leslie Becker, Jill Lothrop, Tim Hinton, Kyle Hart, Sara Winge, C. J. Rayhill, Peter Pardo, Leslie Crandell, Valerie Dow, Regina Aggio, Pascal Honscher, Preston Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, Mark Jacobsen, Betsy Waliszewski, Dawn Mann, Kathryn Barrett, and Rob Bullington. A special thanks to John Chodacki for all his help with Safari.
The incredibly hard working team at Elsevier Science, including Jonathan Bunkell, Ian Seager, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, Emma Wyatt, Rosie Moss, Chris Hossack, and Krista Leppiko, for making certain that our vision remains worldwide in scope.
David Buckland, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, Pang Ai Hua, and Joseph Chan of STP Distributors for the enthusiasm with which they receive our books.
Kwon Sung June at Acorn Publishing for his support.
David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Geoff Ebbs, Hedley Partis, Bec Lowe, and Mark Langley of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji Tonga, Solomon Islands, and the Cook Islands.
Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines.
Author
Mark Burnett (Microsoft MVP) is an independent security consultant, freelance writer, and a specialist in securing Windows-based IIS Web servers. Mark is co-author of Maximum Windows Security and is a contributor to Stealing the Network: How to Own the Box (Syngress Publishing, 1-9311836-87-6) and Dr. Tom Shinder’s ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN: 1-931836-66-3). He is a contributor and technical editor for Syngress Publishing’s Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle (ISBN: 1-931836-69-8). Mark speaks at various security conferences and has published articles in Windows & .NET, Information Security, Windows Web Solutions, Security Administrator, and is a regular contributor at SecurityFocus.com. Mark also publishes articles on his own Web site, IISSecurity.info.
Contributor
Joshua Skillings is the lead Software Engineer for Trade West Systems, LLC, a consulting company specializing in creating applications for the financial industry. Joshua graduated from Brigham Young University with a BS in Computer Science. He was the BYU ACM club president. He has been using .NET since Beta 2 and has written all manner of games, pocket pc applications, web sites, and security tools using the .NET framework. He lives with his wife and two children in Sandy, Utah.
Technical Editor
James C. Foster, is the Deputy Director, Global Security Development for Computer Sciences Corporation where he is leading the task of developing and delivering managed, educational, informational, consulting, and outsourcing security services. Prior to joining CSC, Foster was the Director of Research and Development for Foundstone Inc. and was responsible for all aspects of product and corporate R&D including corporate strategy and international market expansion. Preceding Foundstone, Foster was a Senior Advisor and Research Scientist with Guardent Inc. (acquired by Verisign in 2004 for $135 Million) and an adjunct author at Information Security Magazine (acquired for an undisclosed amount by TechTarget in 2003.) He is commonly asked to comment on pertinent security issues and has been sited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. James has co-authored or contributed to Snort 2.0 Intrusion Detection (Syngress, ISBN: 1931836744), and Special Ops Host and Network Security for Microsoft, Unix, and Oracle (Syngress, ISBN: 1931836698) as well as Hacking Exposed, Fourth Edition, Advanced Intrusion Detection, Anti-Hacker Toolkit Second Edition, and Anti-Spam Toolkit. James has attended Yale, Harvard, and the University of Maryland and has an AS, BS, MBA and is currently a Fellow at the University of Pennsylvania’s Wharton School of Business.
