regex for filtering input, 225
role in resetting passwords, 28, 29, 34–36, 52
security weaknesses, 34–36
spoofed, 43
eBay, Passport login form, 76
ECB (Electronic Codebook), 157
educating users, 42–44
Electronic Codebook (ECB), 157
elevated permissions, ensuring least privilege for databases, 270–272
empowering users, 42–45
EnableNonUTF8 value, 250
encapsulating
    code auditing standards, 255
    coding standards, 252
    defined, 219
    overview, 234
encrypting XML data, 333–348
encryption
    in ASP.NET applications, 155–186
    defined, 154
    layering, 167–169
    reversible, 20–21
    selecting algorithms, 166–169
enforcing strong passwords, 4–10
EnvironmentPermission class, 374
errors
    compilation, 317
    exception handling, 240–241
    handling on database server, 290–291
    reporting and logging, 322–326
    structured vs. unstructured handling, 318–322
    syntax, 317
escaping data
    defined, 219
    overview, 225–226
    to prevent SQL injections, 285–287
EventLogPermission class, 374
events, exception handling, 240–241
evidence, code identity, 368–369
exception handling
    ASP.NET overview, 315–318
    code auditing standards, 256
    coding standards, 253
    defined, 219
    overview, 240–241
executable files, and least privilege principle, 247–248
Expires property, cookies, 128–130
explicit security authorization, 101–102
extranet code modules, limiting access to, 246