Developing More-Secure Microsoft ASP.NET 2.0 Applications
Dominick Baier (Author)
Microsoft Press
Published on 27 September 2006
Book
Paperback/Softback
480 pages
978-0-7356-2331-6 (ISBN)
Description
Build your expertise for developing more-secure applications with ASP.NET 2.0. A leading security expert delivers best practices, pragmatic instruction, and extensive code samples in Microsoft Visual C# to help you develop Web applications that are more robust, more reliable, and more resistant to attack.
Discover how to:
Harden a Web server, operating system, communication protocol, and ASP.NET
Validate input data with white listing, regular expressions, sandboxing, and other techniques
Understand design and security implications of various cryptography approaches
Integrate with Microsoft Windows security features such as impersonation, delegation and protocol transition
Implement Web farm, single sign-on, and mixed-mode authentication
Use provider-based features for user and role management and authentication
Trace attacks with error-handling, logging, and instrumentation
Lock down your application with partial trust
PLUS: Get code samples on the Web
More details
Language
English
Place of publication
Redmond
United States
Target group
Professional and scholarly
Dimensions
Height: 229 mm
Width: 187 mm
ISBN-13
978-0-7356-2331-6 (9780735623316)
Copyright in bibliographic data is held by Nielsen Book Services Limited or its licensors: all rights reserved.
Person
Dominick Baier splits his time between being an independent security consultant and an instructor for DevelopMentor, teaching and authoring the ASP.NET and the .NET security curriculum. He has a degree in computer science (German Diplom Ingenieur), is a certified BS7799/ISO17799 Lead Auditor, and speaks at various conferences (WinDev, DevWeek, ADC) about application security. When not teaching, he spends his time researching security, doing audits and penetration tests, and helping other developers around the world to build more secure applications. Dominick maintains a security blog at http://www.leastprivilege.com.
Content
Web Application Security
ASP.NET 2.0 Architecture
Input Validation
Storing Secrets
Authentication & Authorization
Security Provider & Controls
Logging & Instrumentation
Partial Trust ASP.NET
Deployment & Configuration
Tools & Resources
Appendices:
Building a Customer Protected Configuration Provider
Session State
Compartmentalizing ASP.NET Applications
Secure Web Services
Unit Testing Web Applications Using Visual Studio Team Edition
Index