Index
T
Taint Mode, 211–212
TCP/IP, port least privilege principle, 247–248
temporary passwords, 36–38, 52
terminating sessions, 142–144
testing security code, 214
text strings, for storing connection strings, 278
third-party applications, obscuring access to code, 246
Ticket class
    Expiration property, 129
    IsPersistent property, 129
    RedirectFromLoginPage method, 129
token keep-alive, as threat, 142–144
tokens
    account hopping threat, 111
    authentication, 110, 111
    binding session tokens to clients, 139–141
    brute-force attack threat, 112
    cookie-based, 118
    creating MACs for added security, 136–139
    cross-site scripting threat, 112
    designing to be secure, 113–117
    discarding session tokens, 142–144
    fixation threat, 111
    form-based, 118–119
    hijacking threat, 111
    information leakage threat, 112
    keep-alive threat, 112
    keeping session tokens alive, 142–144
    manipulation threat, 112
    phishing threat, 112
    prediction threat, 112
    properties, 111
    session, 110–111
    threats against, 111–113
    types of mechanisms, 117–119
    URL-based, 117, 151
TripleDESCryptoServiceProvider class, 159, 414
Try statement, 290
type safety, 365