Hacking the Code ASP.NET Web Application Security [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Hacking the Code ASP.NET Web Application Security [Electronic resources] - نسخه متنی

James C. Foster, Mark M. Burnett

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Table of Contents

BackCover

Hacking the Code - ASP.NET Web Application Security

Chapter 1: Managing Users

Establishing User Credentials

Managing Passwords

Resetting Lost or Forgotten Passwords

Empowering Users

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 2: Authenticating and Authorizing Users

Authenticating Users

Authorizing Users

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 3: Managing Sessions

Maintaining State

Using ASP.NET Tokens

Enhancing ASP.NET State Management

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 4: Encrypting Private Data

Using Cryptography in ASP.NET

Working with .NET Encryption Features

Protecting Communications with SSL

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 5: Filtering User Input

Handling Malicious Input

Constraining Input

Limiting Exposure to Malicious Input

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 6: Accessing Data

Securing Databases

Writing Secure Data Access Code

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 7: Developing Secure ASP.NET Applications

Writing Secure HTML

Handling Exceptions

Coding Standards Fast Track

Code Audit Fast Track

Frequently Asked Questions

Chapter 8: Securing XML

Applying XML Encryption

Applying XML Digital Signatures

Coding Standards Fast Track

Coding Audit Fast Track

Frequently Asked Questions

Appendix A: Understanding .NET Security

Code Access Security

Role-Based Security

Security Policies

Cryptography

Security Tools

Summary

Security Fast Track

Frequently Asked Questions

Appendix B: Glossary of Web Application Security Threats

Index

Index_A

Index_B

Index_C

Index_D

Index_E

Index_F

Index_G

Index_H

Index_I

Index_J

Index_K

Index_L

Index_M

Index_N

Index_O

Index_P

Index_Q

Index_R

Index_S

Index_T

Index_U

Index_V

Index_W

Index_X

Index_Z

List of Figures

List of Tables

List of Sidebars
توضیحات
افزودن یادداشت جدید






Security Tools


The .NET Framework comes with 10 command-line security tools (see Table A.4) that help you perform your security tasks. For a more thorough description of these tools, consult the .NET Framework documentation.
















































Table A.4: Command-Line Security Tools

Name of Tool


Name of Executable


Description


Code Access Security Policy Utility


Caspol.exe


This tool can perform any operation in relation to the code access security policy. Because it can do more than the .NET Configuration Tool we have been using in this chapter, it is important that you familiarize yourself with it.


Certificate Verification Utility


Chktrust.exe


With this tool, you can check a file that has been signed using Authenticode.


Certificate Creation Utility


Makecert.exe


Creates an X.509 certificate for testing purposes. An option you might consider is to install the Certificates Services on Windows 2000, which makes it much easier to create and maintain certificates for development and testing


Certificate Manager Utility


Certmgr.exe


This utility manages your certificates, certificate trust lists, and so on. Use the Microsoft Management Console with the Certificates snap-in, which enables you to maintain not only your own certificates but also (if you have the rights) the certificates of your computer and service accounts.


Software Publisher Certificate Test Utility


Cert2spc.exe


This tool creates a software publisher’s certificate for one or more X.509 certificates.


Permissions View Utility


Permview.exe


This tool enables you to view the requested permissions of an assembly.


PE Verify Utility


Peverify.exe


This tool enables you to verify the type safety of a portable executable file.


Secutil Utility


Secutil.exe


This tool extracts strong name or public key information from an assembly and converts it so that you can use it directly in your code (for example, for a permission demand).


File Signing Utility


Signcode.exe


This tool enables you to sign a PE file with an Authenticode signature. If this utility is called with no command-line options, a Digital Signature Wizard is started.


Strong Name Utility


Sn.exe


This tool enables you to sign assemblies with strong names.


Set Registry Utility


Setreg.exe


This tools enables you to set registry keys for use of public key cryptography. If you call this utility without options, it will just list the settings.


Isolated Storage Utility


Storeadm.exe


This tool enables you to manage isolated storage for the current user.


/ 96