Taint Mode, 211–212
TCP/IP, port least privilege principle, 247–248
temporary passwords, 36–38, 52
terminating sessions, 142–144
testing security code, 214
text strings, for storing connection strings, 278
third-party applications, obscuring access to code, 246
Ticket class
    Expiration property, 129
    IsPersistent property, 129
    RedirectFromLoginPage method, 129
token keep-alive, as threat, 142–144
tokens
    account hopping threat, 111
    binding session tokens to clients, 139–141
    brute-force attack threat, 112
    cookie-based, 118
    creating MACs for added security, 136–139
    cross-site scripting threat, 112
    designing to be secure, 113–117
    discarding session tokens, 142–144
    fixation threat, 111
    form-based, 118–119
    hijacking threat, 111
    information leakage threat, 112
    keep-alive threat, 112
    keeping session tokens alive, 142–144
    manipulation threat, 112
    phishing threat, 112
    prediction threat, 112
    properties, 111
    session, 110–111
    threats against, 111–113
    types of mechanisms, 117–119
TripleDESCryptoServiceProvider class, 159, 414
Try statement, 290
type safety, 365