Index
H
harvested credentials, preventing, 13–16
hashes
  adding salt, 184–186
  basic properties, 179
  as code group membership condition, 371
  for disguising data, 234–235
  list, 180
  in .NET Framework, 51
  .NET Framework support, 180
  as one-way functions, 20
  overview, 179, 414
  properties useful for encapsulating data, 234
  storing, 19, 20, 21
  as type of evidence, 368
  using to store passwords, 183–186
  using to verify data integrity, 181–183
hashing and signature algorithms, 156
Headers property, 208
history, password, 22, 23–25
HMACSHA1 function, 182–183
honey drops
  defined, 219, 241
  how they work, 241–242
  ways to use, 242–243
honey pots, defined, 241
HOSTS file, 210
HTML code
  allowing markup by disabling validation feature, 258
  character entity encoding, 232
  escaping data, 225–226
  form-based token mechanisms, 118–119
  neutralizing malicious content, 230–233
  writing to be secure, 310–315
HtmlEncode method, 232, 233
HTR files, 227
HTTP
  blocking verbs, 95–97
  cookie-based token mechanisms, 118
  role of session tokens, 110–111
HttpRequest class, 208
HttpServerUtility class, 232, 233