Index
B
binding session tokens to clients, 139–141
birthday attacks, 181
blocking
  administrator logins, 73–75
  basic authentication without SSL, 70–72
  brute-force attacks, 78–86
  HTTP verbs, 95–97
bounds checking, 218, 219–222
Browser property, 208
brute-force attacks
  and asymmetric cryptography, 177–178
  avoiding easily guessed credentials, 10–12
  blocking, 78–86
  changing passwords, 25–27
  countermeasures, 78–85
  creating random numbers, 187–188
  on cryptographic systems, 155
  defined, 2
  detecting, 85
  enforcing strong passwords, 4–10
  and hashing algorithms, 179–186
  locking accounts against, 79–81
  password aging and history issues, 22–25
  password authentication delay, 81–82
  preventing credential harvesting, 13–16
  protecting communications with SSL, 196–198
  protecting secrets, 190–195
  resetting lost or forgotten passwords, 28–42
  session token threats, 112
  signing XML data, 348–357
  and symmetric cryptography, 156–177
  tools for cracking passwords, 10
buffer overflows, 207, 262
BugTraq, 206