Hacking the Code: ASP.NET Web Application Security [Electronic resources] - text version


James C. Foster, Mark M. Burnett

Code Audit Fast Track

Using Cryptography in ASP.NET

Employing Symmetric Cryptography

Does the application use only well-established encryption algorithms, avoiding weak encryption methods and encoding techniques?
Does the application use DES when 3DES would work as a compatible replacement?
If using RC2 encryption, does the application use 128-bit keys whenever possible?
Does the application derive the key from the IV or the IV from the key rather than using a strong random-number generator?
Does the application avoid hard-coded values for the IV?
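
The IV items above are easiest to audit by seeing what goes wrong. The following C# is an added example written for this checklist, not code from the book or its authors: the first encryptor copies the IV out of the key (the pattern the checklist rejects), the second draws a fresh IV from RNGCryptoServiceProvider for every message and prepends it to the ciphertext. AES is used here as the "well-established" cipher; for a legacy DES replacement the same code works with TripleDES.Create(). The key, message and class names are constructed for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the book): CBC encryption with a per-message random IV,
// contrasted with the weak "IV derived from the key" pattern.
public static class IvAudit
{
    // Weak pattern the checklist warns about: the IV is copied from the key, so it is
    // static across messages and is itself key material. Kept only so the difference
    // can be observed in Main().
    public static byte[] EncryptIvFromKey(byte[] key, byte[] plaintext)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            byte[] iv = new byte[aes.BlockSize / 8];
            Array.Copy(key, iv, iv.Length);          // IV derived from key: do not do this
            aes.IV = iv;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
        }
    }

    // Recommended pattern: a new IV from the CSP generator for each message, sent along
    // with the ciphertext. The IV need not be secret, only unpredictable and never reused
    // under the same key.
    public static byte[] EncryptRandomIv(byte[] key, byte[] plaintext)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            byte[] iv = new byte[aes.BlockSize / 8];
            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
                rng.GetBytes(iv);
            aes.IV = iv;
            byte[] ct;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            byte[] output = new byte[iv.Length + ct.Length];   // layout: IV || ciphertext
            Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
            Buffer.BlockCopy(ct, 0, output, iv.Length, ct.Length);
            aes.Clear();                                        // zero key/IV inside the object
            return output;
        }
    }

    public static byte[] DecryptRandomIv(byte[] key, byte[] ivAndCiphertext)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            int ivLen = aes.BlockSize / 8;
            if (ivAndCiphertext.Length < ivLen)
                throw new CryptographicException("input shorter than one IV");
            byte[] iv = new byte[ivLen];
            Buffer.BlockCopy(ivAndCiphertext, 0, iv, 0, ivLen);
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(ivAndCiphertext, ivLen, ivAndCiphertext.Length - ivLen);
        }
    }

    public static void Main()
    {
        byte[] key = new byte[32];                                   // 256-bit key, generated, not hard-coded
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(key);
        byte[] msg = Encoding.UTF8.GetBytes("account=12345;limit=500");  // constructed sample record

        // Encrypt the same record twice. With the IV taken from the key the two
        // ciphertexts are identical, so an observer of the database can tell which rows
        // hold the same value; with a random IV they differ.
        bool weakRepeats = Convert.ToBase64String(EncryptIvFromKey(key, msg))
                        == Convert.ToBase64String(EncryptIvFromKey(key, msg));
        bool strongRepeats = Convert.ToBase64String(EncryptRandomIv(key, msg))
                          == Convert.ToBase64String(EncryptRandomIv(key, msg));
        Console.WriteLine("IV-from-key repeats ciphertext: " + weakRepeats);
        Console.WriteLine("Random-IV repeats ciphertext:   " + strongRepeats);

        byte[] back = DecryptRandomIv(key, EncryptRandomIv(key, msg));
        Console.WriteLine("Round trip ok: " + (Encoding.UTF8.GetString(back) == "account=12345;limit=500"));
        Array.Clear(key, 0, key.Length);
    }
}
```

When auditing, the concrete symptom to look for is the one Main() surfaces: identical plaintexts producing identical ciphertexts, which is what a fixed or key-derived IV (or a hard-coded one, the next item) causes in CBC mode.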



Working with Hashing Algorithms

Does the application use hashing algorithms where appropriate to ensure data integrity?
Does the application store hashes rather than actual passwords in the database?
Does the application store hashes in a secure location?
Does the application use keyed hashing algorithms whenever possible?
Does the application add salt to all hashes?
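
The password-storage items above (hash instead of password, keyed hash, salt) combine into one routine. The C# below is an added example, not code from the book: each record carries its own random salt, the password is stretched with PBKDF2 over that salt, and the result is then run through an HMAC under a server-side key that is kept outside the database. The record format "base64(salt):base64(hash)", the iteration count and the class and method names are choices made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the book): salted, keyed password hashing.
// Assumption: hmacKey is a server secret stored outside the database (for instance under
// DPAPI), so a copied users table is useless without both the salt column and that key.
public static class PasswordStore
{
    const int SaltBytes = 16;
    const int Pbkdf2Iterations = 100000;    // example value; tune to your hardware budget

    public static string CreateRecord(byte[] hmacKey, string password)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);   // never System.Random
        byte[] hash = Derive(hmacKey, salt, password);
        string record = Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
        Array.Clear(hash, 0, hash.Length);
        return record;
    }

    public static bool Verify(byte[] hmacKey, string password, string record)
    {
        string[] parts = record.Split(':');
        if (parts.Length != 2) return false;
        byte[] salt = Convert.FromBase64String(parts[0]);
        byte[] expected = Convert.FromBase64String(parts[1]);
        byte[] actual = Derive(hmacKey, salt, password);
        bool ok = FixedTimeEquals(expected, actual);
        Array.Clear(actual, 0, actual.Length);
        return ok;
    }

    // Salted, iterated derivation (PBKDF2-HMAC-SHA256) followed by a keyed hash.
    // The four-argument Rfc2898DeriveBytes constructor needs .NET Framework 4.7.2+ or .NET Core 2.0+.
    static byte[] Derive(byte[] hmacKey, byte[] salt, string password)
    {
        byte[] pwd = Encoding.UTF8.GetBytes(password);
        byte[] stretched = null;
        try
        {
            using (var kdf = new Rfc2898DeriveBytes(pwd, salt, Pbkdf2Iterations, HashAlgorithmName.SHA256))
                stretched = kdf.GetBytes(32);
            using (var hmac = new HMACSHA256(hmacKey))
                return hmac.ComputeHash(stretched);
        }
        finally
        {
            Array.Clear(pwd, 0, pwd.Length);
            if (stretched != null) Array.Clear(stretched, 0, stretched.Length);
        }
    }

    // Compare every byte regardless of where the first mismatch is, so response time
    // does not reveal how much of the hash matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] pepper = new byte[32];   // example only: load this from protected storage in practice
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(pepper);

        string record = CreateRecord(pepper, "constructed-sample-password");
        Console.WriteLine(record);
        Console.WriteLine("correct password verifies: " + Verify(pepper, "constructed-sample-password", record));
        Console.WriteLine("wrong password verifies:   " + Verify(pepper, "not-the-password", record));
        // Because of the per-record salt, a second user with the same password gets a different record.
        Console.WriteLine("same password, same record: " + (record == CreateRecord(pepper, "constructed-sample-password")));
        Array.Clear(pepper, 0, pepper.Length);
    }
}
```

The salt is stored next to the hash because it is not a secret; its job is to make identical passwords produce different records and to defeat precomputed tables. The HMAC key is the part that must live somewhere the database cannot reach, which is what the "secure location" item is about.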




Working with .NET Encryption Features

Creating Random Numbers

Does the application use only RNGCryptoServiceProvider to generate strong random numbers, avoiding System.Random?
Does the system require further entropy than what the CryptoAPI provides?
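
RNGCryptoServiceProvider only hands out raw bytes, and most mistakes happen in the step that turns those bytes into something usable. The C# below is an added example, not from the book: it draws a uniform integer in a range without modulo bias, and builds an opaque token. The six-digit code in Main() and the method names are constructed for the example.

```csharp
using System;
using System.Security.Cryptography;

// Added example (not from the book): converting CSP random bytes into a bounded
// integer and into a token. System.Random is seeded from the clock and its output
// is reproducible, so it must never feed salts, IVs, keys, session ids or codes.
public static class StrongRandom
{
    // Uniform integer in [0, maxExclusive). Taking (value % max) directly would favour
    // the low results whenever 2^32 is not a multiple of max, so values above the
    // largest multiple of max are rejected and redrawn.
    public static int NextInt(int maxExclusive)
    {
        if (maxExclusive <= 0) throw new ArgumentOutOfRangeException("maxExclusive");
        uint max = (uint)maxExclusive;
        uint limit = uint.MaxValue - (uint.MaxValue % max);   // largest multiple of max below 2^32
        byte[] buf = new byte[4];
        using (var rng = new RNGCryptoServiceProvider())
        {
            while (true)
            {
                rng.GetBytes(buf);
                uint v = BitConverter.ToUInt32(buf, 0);
                if (v < limit) return (int)(v % max);
            }
        }
    }

    // An opaque token of the requested strength; 16 bytes gives 128 bits of unguessability.
    public static string NewToken(int byteCount)
    {
        byte[] buf = new byte[byteCount];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(buf);
        string token = Convert.ToBase64String(buf);
        Array.Clear(buf, 0, buf.Length);     // random material is sensitive once it becomes a token
        return token;
    }

    public static void Main()
    {
        // Six-digit one-time code: NextInt keeps every value 000000..999999 equally likely.
        Console.WriteLine("code:  " + NextInt(1000000).ToString("D6"));
        Console.WriteLine("token: " + NewToken(16));
    }
}
```

The second checklist item asks whether CryptoAPI's pool is enough; for ASP.NET on a server it normally is, and the practical risk is not the pool but bypassing it, as in code that seeds System.Random from a timestamp for "speed".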



Keeping Memory Clean

Does the application clear out all variables used with cryptographic operations, including those for plaintext, ciphertext, keys, salts, IVs, and random numbers?
Does the application explicitly call the Clear() method for all cryptographic objects?
Does the application explicitly call the Dispose() method for all cryptographic objects?
Does the application explicitly zero out any variables that do not provide a Clear() method?
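
The four items above describe one discipline: every buffer and object that touched secret material is wiped in a finally block, so the cleanup also runs when the operation throws. The C# below is an added example, not from the book, applied to a key-derivation step and a hash; it uses Rfc2898DeriveBytes (which has Dispose() but no Clear()) and SHA256 (which has Clear()) to show both cases. The iteration count, the salt size and the names are example choices.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the book): wiping key material on every exit path.
public static class WipedKdf
{
    // The password is taken as char[], not string: a .NET string is immutable and cannot
    // be zeroed, so it lingers in the heap until the garbage collector reclaims it.
    public static byte[] DeriveKey(char[] password, byte[] salt)
    {
        byte[] pwdBytes = null;
        Rfc2898DeriveBytes kdf = null;
        try
        {
            pwdBytes = Encoding.UTF8.GetBytes(password);
            kdf = new Rfc2898DeriveBytes(pwdBytes, salt, 100000, HashAlgorithmName.SHA256);
            return kdf.GetBytes(32);
        }
        finally
        {
            // Runs on success and on exception alike.
            if (kdf != null) kdf.Dispose();                       // DeriveBytes has no Clear(); Dispose() is the call
            if (pwdBytes != null) Array.Clear(pwdBytes, 0, pwdBytes.Length);
            Array.Clear(password, 0, password.Length);          // the caller's buffer is wiped too
        }
    }

    // Hash a secret, then Clear() the algorithm object (Clear() zeroes its internal
    // state and disposes it) and zero the input, which has no Clear() of its own.
    public static byte[] FingerprintAndWipe(byte[] secret)
    {
        SHA256 sha = null;
        try
        {
            sha = SHA256.Create();
            return sha.ComputeHash(secret);
        }
        finally
        {
            if (sha != null) sha.Clear();
            Array.Clear(secret, 0, secret.Length);
        }
    }

    public static bool IsAllZero(byte[] buf)
    {
        foreach (byte b in buf) if (b != 0) return false;
        return true;
    }

    public static void Main()
    {
        // Note the limitation: the literal below is still a string in memory; only the
        // char[] copy made from it can be wiped. Real input should arrive as char[] or byte[].
        char[] pwd = "constructed-sample-password".ToCharArray();
        byte[] salt = new byte[16];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);

        byte[] key = DeriveKey(pwd, salt);
        Console.WriteLine("password buffer zeroed: " + Array.TrueForAll(pwd, c => c == '\0'));

        byte[] fp = FingerprintAndWipe(key);
        Console.WriteLine("key zeroed after use:   " + IsAllZero(key));
        Console.WriteLine("fingerprint: " + BitConverter.ToString(fp));
    }
}
```

A using block is equivalent to the try/finally with Dispose() shown here and is the idiomatic form when nothing else needs wiping; the explicit finally is used above because the byte arrays also have to be zeroed, and Array.Clear is the only tool for them.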



Protecting Secrets

Does the application avoid storing hard-coded secrets?
Does the application use a combination of secure methods, such as the file system, the registry, a database, and DPAPI, to store secrets?
Does the application use obscurity sparingly but where appropriate as an additional layer of protection?
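
DPAPI is the mechanism the second item names, and the C# below is an added example of using it, not code from the book: a connection string is protected under the machine scope with optional entropy and written to a file, then read back. ProtectedData lives in System.Security.dll on .NET Framework and in the System.Security.Cryptography.ProtectedData package on .NET Core/5+ (Windows only). The file path, the entropy value and the sample connection string are constructed for the example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the book): storing a secret with DPAPI instead of in source.
public static class SecretStore
{
    // Optional entropy is mixed into the DPAPI key. With DataProtectionScope.LocalMachine
    // any process on the machine could otherwise call Unprotect on the blob; requiring
    // the entropy as well turns the file plus a second location (the checklist's
    // "combination", for instance an ACL-protected registry value) into the secret.
    // It is a literal here only for the example.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy-v1");

    public static void Save(string path, string secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try
        {
            byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.LocalMachine);
            File.WriteAllBytes(path, blob);   // restrict the file's ACL to the application identity
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);
        }
    }

    public static string Load(string path)
    {
        byte[] blob = File.ReadAllBytes(path);
        byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.LocalMachine);
        try
        {
            return Encoding.UTF8.GetString(plain);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);
        }
    }

    public static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "example-secret.bin");
        Save(path, "Server=db;User Id=app;Password=constructed-sample");
        Console.WriteLine("recovered: " + Load(path));
        Console.WriteLine("on disk:   " + Convert.ToBase64String(File.ReadAllBytes(path)));

        // The pattern the first item rejects: a secret compiled into the assembly ships
        // with every copy of the binary and survives in every backup of it.
        // const string ConnStr = "Server=db;User Id=app;Password=...";
    }
}
```

DataProtectionScope.CurrentUser binds the blob to the account running the worker process instead of the machine, which is tighter but breaks if the application pool identity changes; either way the blob is only as protected as the ACLs on the file and on the entropy location.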



Protecting Communications with SSL

Does the application always use SSL for protecting sensitive HTTP traffic?
Does the application use SSL for all included page elements, including images, style sheets, and client-side scripts?
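
Both items can be enforced in code rather than left to convention. The C# below is an added example for classic ASP.NET (System.Web), not code from the book: an HttpModule that turns every plain-HTTP request into a redirect to the https:// equivalent, and a helper that scans rendered HTML for images, style sheets and scripts still referenced over http://, which is what breaks the second item. The module name, the regular expression and the sample page in Main() are constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using System.Web;

// Added example (not from the book). Register in web.config under
// <system.webServer><modules><add name="RequireSsl" type="RequireSslModule" /></modules></system.webServer>
// and pair it with <httpCookies requireSSL="true" /> so cookies carry the Secure flag.
public class RequireSslModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpRequest req = app.Context.Request;
        if (req.IsSecureConnection) return;

        // A POST over plain HTTP has already exposed its body; redirecting would only
        // hide that, so refuse it. GET can safely be repeated over HTTPS.
        if (req.HttpMethod != "GET")
        {
            app.Context.Response.StatusCode = 403;
            app.CompleteRequest();
            return;
        }
        app.Context.Response.Redirect("https://" + req.Url.Host + req.RawUrl, true);
    }

    public void Dispose() { }
}

// Finds src= and href= attributes that still point at http://. Run it over rendered
// output in a test, or over templates in a build step, to catch mixed content before
// browsers start warning about it.
public static class MixedContentCheck
{
    static readonly Regex InsecureRef = new Regex(
        @"\b(src|href)\s*=\s*[""']http://[^""']*[""']",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    public static List<string> FindInsecureReferences(string html)
    {
        var hits = new List<string>();
        foreach (Match m in InsecureRef.Matches(html)) hits.Add(m.Value);
        return hits;
    }

    public static void Main()
    {
        // Constructed sample page: two secure references, two that would downgrade the page.
        string html =
            "<link href=\"https://cdn.example.test/site.css\" rel=\"stylesheet\">" +
            "<script src=\"http://cdn.example.test/app.js\"></script>" +
            "<img src=\"https://cdn.example.test/logo.png\">" +
            "<img SRC='http://tracker.example.test/pixel.gif'>";
        foreach (string hit in FindInsecureReferences(html))
            Console.WriteLine("insecure reference: " + hit);
    }
}
```

The module covers the first item only for traffic that reaches the application; a load balancer that terminates SSL in front of IIS will report IsSecureConnection as false for every request, in which case the check has to read whatever header the balancer sets instead, and that header must not be trusted from any other source.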


