Index - Hacking the Code ASP.NET Web Application Security [Electronic resources] نسخه متنی

Index

M

machine store, 195

machine.config file, and configuration hierarchy, 98–99

MACs (message authentication codes)

for enhancing session token security, 136–139

for View State, 133–134

MACTripleDES function, 182

makecert.exe tool, 416

malicious input

bounds checking, 219–222

code audit summaries, 254–257

coding standards, 251–254

encapsulating, 234–236

exception handling, 240–241

handling, 207–250

hardening server applications, 248–250, 254, 257

identifying sources, 207–211, 251, 254

limiting exposure, 243–250

pattern matching, 222–226

programming defensively, 211–218, 251, 254

reducing attack scope, 247–248, 253, 257

reducing attack surface, 243–247, 253, 256–257

syntax checking, 239–240

man-in-the-middle attacks

and asymmetric cryptography, 177–178

creating random numbers, 187–188

defined, 54

encrypting XML data, 333–348

and hashing algorithms, 179–186

protecting communications with SSL, 196–198

protecting secrets, 190–195

signing XML data, 348–357

and symmetric cryptography, 156–177

token threats, 139

Windows authentication, 65–75

managed code vs. CryptoAPI, 203

many-to-one certificate mapping, 69–70

mapping

certificates to user accounts, 69–70

non-ASP.NET resources, 63–64

MaxFieldLength value, 249

MaxRequestBytes value, 249

MaxRequestEntityAllowed metabase setting, 249

MD5 hashing algorithm

defined, 180

verifying data integrity, 181

in web.config file, 58, 61

MD5CryptoServiceProvider class, 413

memory, keeping clean, 188–190

MessageQueuePermission class, 375

Microsoft Management Console (MMC), 396

mother’s maiden name, 40