Download e-book : BEGINNING ASP.NET SECURITY / PDF
INTRODUCTION
CHAPTER 1 Why Web Security Matters
PART I THE ASP.NET SECURITY BASICS
CHAPTER 2 How the Web Works
CHAPTER 3 Safely Accepting User Input
CHAPTER 4 Using Query Strings, Form Fields, Events, and Browser Information
CHAPTER 5 Controlling Information
CHAPTER 6 Keeping Secrets Secret — Hashing and Encryption
PART II SECURING COMMON ASP.NET TASKS
CHAPTER 7 Adding Usernames and Passwords
CHAPTER 8 Securely Accessing Databases
CHAPTER 9 Using the File System
CHAPTER 10 Securing XML
PART III ADVANCED ASP.NET SCENARIOS
CHAPTER 11 Sharing Data with Windows Communication Foundation
CHAPTER 12 Securing Rich Internet Applications
CHAPTER 13 Understanding Code Access Security
CHAPTER 14 Securing Internet Information Server (IIS)
CHAPTER 15 Third-Party Authentication
CHAPTER 16 Secure Development with the ASP.NET MVC Framework
*****************
INTRODUCTION
Over the past several years, I’ve been regularly presenting on security in .NET at conferences and user groups. One of the joys of these presentations is that you know when you’ve taught someone something new. At some point during the presentation, you can see one or two members of the audience starting to look very worried. Security is a difficult topic to discuss.
Often, developers know they must take security into account during their development life cycle, but do not know what they must look for, and can be too timid to ask about the potential threats and attacks that their applications could be subjected to.
This book provides a practical introduction to developing securely for ASP.NET. Rather than approaching security from a theoretical direction, this book shows you examples of how everyday code can be attacked, and then takes you through the steps you must follow to fix the problems.
This book is different from most others in the Wrox Beginning series. You will not be building an application, but rather, each chapter is based upon a task a Web site may need to perform — accepting input, accessing databases, keeping secrets, and so on. This approach means that most chapters can be read in isolation as you encounter the need to support these tasks during your application development. Instead of exercises, many chapters will end with a checklist for the particular task covered in the chapter discussions, which you can use during your development as a reminder, and as a task list to ensure that you have considered and addressed each potential flaw or vulnerability.
When you decide to test your applications for vulnerabilities, be sure that you run any tests against a development installation of your site. If you have a central development server, then ensure that you inform whoever manages the server that you will be performing security testing. Never run any tests against a live installation of your application, or against a Web site that is not under your control.
Be aware that your country may have specific laws regarding encryption. Using some of the methods outlined in this book may be restricted, or even illegal, depending on where you live.
WHO THIS BOOK IS FOR
This book is for developers who already have a solid understanding of ASP.NET, but who need to know about the potential issues and common security vulnerabilities that ASP.NET can have. The book does not teach you how to construct and develop an ASP.NET Web site, but instead will expand upon your existing knowledge, and provide you with the understanding and tools to secure your applications against attackers.