Index
V
validating user input
by bounds checking, 218, 219–222
by data reflecting, 218, 226–229
by double decoding, 219, 237–239
by encapsulating, 219, 234–236
by encoding, 219, 230–233
by escaping, 219
by exception handling, 219, 240–241
by honey drops, 219, 241–243
list of techniques, 218–219
by parameterizing, 219, 236–237
by pattern matching, 218, 222–226
by syntax checking, 219, 239–240
ValidationSummary control, 220
validator controls, 220–222
.vb files, 62
VB.NET
3DES encryption with ASP.NET, 160–161
authentication code, 293–294, 295, 296
authorizing users, 99–102
binding session state to client, 141
blocking administrator logins, 74–75
blocking basic authentication without SSL, 71–72
connecting to SQL Server using Windows Authentication, 276
creating password hashes, 59, 60–61
creating unique strings with hashes, 235
creating XML digital signature, 353–354
CryptDeriveKey method, 172–173
declarative code, 371
double decoding, 239
enabling strong data typing, 212–213
enhancing session token security, 137–138
escaping dangerous characters, 286
expiring sessions, 143–144
filtering dangerous SQL commands, 289–290
hashing with salt, 185–186
imperative code, 372
inheritance demands, 378, 379
keeping memory clean, 189–190
keyed hashing using HMACSHA1 algorithm, 183
layering symmetric ciphers, 168–169
link demands, 377
password authentication delay, 81
pattern matching, 223, 224
RC2 encryption, 165
reflecting data, 228–229
request references, 215–216, 217
Rijndael algorithm, 164
saving IV with ciphertext, 175–176
securing View State, 135
setting a Deny override, 384
setting an Assert override, 382
setting and verifying cookie domain property, 126, 127
SQL Authentication connection string, 277
SQL common query string, 280
storing and retrieving data from isolated storage, 193–194
structured error handling, 320–322
unstructured error handling, 318–320
using PrincipalPermission object, 394, 395
using PrincipalPermissionAttribute object, 393
using SQLParameter collection, 288
validating numeric input, 221
validating passwords, 8–10
validating XML digital signature, 356–357
XML document decryption, 346–347
XML document encryption, 343–344
.vbproj files, 62
View State feature, ASP.NET
C# code, 134
Decoder tool, 132, 133
enabling, 131–132
enabling MAC, 133–134
overview, 131
protecting, 132–135
sample field, 132
VB.NET code, 134
Visual Studio .NET, enabling strict data typing, 212–213
.vjsproj files, 63
.vsdisco files, 62
VulnWatch, 206