Index
D
data compromise, 262, 296–302
data constraints, 289
data corruption
and asymmetric cryptography, 177–178
connecting to data sources, 274–279
creating random numbers, 187–188
encrypting XML data, 333–348
and hashing algorithms, 179–186
preventing SQL injection, 280–291
protecting communications with SSL, 196–198
protecting secrets, 190–195
signing XML data, 348–357
and symmetric cryptography, 156–177
writing secure SQL code, 291–296
data destruction
connecting to data sources, 274–279
preventing SQL injection, 280–291
reading and writing to data files, 296–302
writing secure SQL code, 291–296
data files, reading and writing to, 296–302
data integrity, defined, 154
Data Protection Application Programming Interface (DPAPI), 195, 277
data reflecting
defined, 218
overview, 226
preventing, 227–229
steps to reflect file paths, 227–229
unauthorized file access, 226–227
data source names (DSNs), removing from registry, 266–267
data sources, connecting to, 274–279
data types
constraining, 289
enabling strict data typing, 212–213
database compromise
defined, 262
ensuring least privilege, 270–272
limiting attack surface, 265–270
securing databases, 272–274
securing location, 263–264
databases. See also SQL Server
attacks that compromise integrity, 284
attacks that compromise queries, 285
attacks to retrieve content information, 283–284
attacks to retrieve structure information, 282–283
ensuring least privilege, 270–272
features to remove, 272–273
least privilege principle, 247–248
limiting attack surface, 265–270
protecting connection strings, 277–278
reading and writing to data files, 296–302
regex for filtering input, 225
sample firewall layout, 263–264
securing, 263–274, 272–274
securing location, 263–264
storing passwords in, 19–22
storing secrets in, 194–195
using least privilege to restrict users, 289–290
db_owner account, 278
declarative security, 100, 371–372
decryption, 154, 345–347
demanding permissions, 363
demanding permissions, in .NET Framework, 376–379
denial of service, 78–86, 207
Deny overrides, 383–384
DES algorithm, 156, 157, 159–163
DESCryptoServiceProvider class, 159, 413
digitally signed XML documents, 348–357
directory, as type of evidence, 368
directory traversal
data reflecting, 226–229
defined, 206
double decoding, 237–239
parameterizing, 236–237
DirectoryServicePermission class, 374
discretionary access control lists (DACLs), 90
distributed applications, defined, 365
DnsPermission class, 374
Domain property, cookies, 125–127
double decoding
C# code, 238
defined, 219
overview, 237–238
VB.NET code, 239
DPAPI (Data Protection Application Programming Interface), 195, 277
DSACryptoServiceProvider class, 413
DSNs. See 230–233