Developing More-Secure Microsoft® ASP.NET 2.0 Applications
| Book title: | Developing More-Secure Microsoft® ASP.NET 2.0 Applications |
|---|---|
| Author(s): | Dominick Baier |
| Year of publication: | July 2006 |
| ISBN: | 0-7356-2331-7 |
| Status: | available |
Get hands-on, expert guidance for developing more secure Web applications with ASP.NET 2.0 in this in-depth reference. The nature of the Web and its underlying communication protocols makes Web applications harder to secure and, therefore, primary targets for hacking attacks and other kinds of compromise.
This book guides you through the possible vulnerabilities of Web-based applications and shows you how to help mitigate them in your own applications. Start with the ingredients of security-enhanced Web applications from the ground up, beginning with Web server set-up, and learn how to harden that machine for a potentially hostile environment such as the Internet.
Then move on to in-depth treatment of crucial topics such as how to use ASP.NET to perform proper input validation; how to choose among the numerous options for authenticating and authorizing users; how to store application-related and user-related sensitive data in a secure fashion; and how to incorporate detection and error-logging measures.
This guide covers how to integrate ASP.NET into the Microsoft Windows® security infrastructure and how to effectively use impersonation, delegation, and Active Directory® directory service. You will also learn about new Microsoft Windows Server™ 2003 features, such as constrained delegation and protocol transition.
Coverage extends to one of the most underutilized features of ASP.NET—running in partial trust. The book concludes with guidance on how to conduct audits and penetration tests and how to integrate them in the development process. Written by a leading authority and trainer, this reference comes complete with best practices based on real-world experience and extensive code samples in C#.
Discover how to:
- Harden your Web server, operating system, communication protocols, and ASP.NET
- Validate input data with regular expressions, sandboxing, and other techniques
- Understand the design and security implications of various cryptography approaches
- Integrate with Microsoft Windows security features such as impersonation, delegation, and protocol transition
- Implement Web farm, single sign-on, and mixed-mode authentication
- Use provider-based features for user and role management and authentication
- Trace attacks with error-handling, logging, and instrumentation
- Lock down your application with partial trust
About the Authors:
Dominick Baier splits his time consulting on software security issues with companies worldwide and leading the security curriculum at DevelopMentor, a developer training company. He is a certified BS 7799/ISO 17799 Lead Auditor and a Microsoft MVP for Visual Developer-Security. In addition, Dominick speaks at industry conferences, contributes to the German MSDN security portal, and hosts a popular blog.
Michael Howard, Series Consulting Editor, is a leading software security expert, author, and architect of security process improvement at Microsoft Corporation.