| Section | Page |
| --- | --- |
| Introduction | xiii |
| PART I DEVELOPMENT TECHNIQUES | |
| 1 Encryption | 3 |
| Practice Files | 5 |
| Hash Digests | 6 |
| Private Key Encryption | 11 |
| Keeping Private Keys Safe | 17 |
| Public Key Encryption | 19 |
| Hiding Unnecessary Information | 22 |
| Encryption in the Real World | 24 |
| Summary | 25 |
| 2 Role-Based Authorization | 27 |
| Role-Based Authorization Exercise | 31 |
| Windows Integrated Security | 34 |
| ASP.NET Authentication and Authorization | 38 |
| Role-Based Authorization in the Real World | 41 |
| Summary | 42 |
| 3 Code-Access Security | 45 |
| How Actions Are Considered Safe or Unsafe | 46 |
| What Prevents Harmful Code from Executing? | 47 |
| It's On By Default | 47 |
| Security Features and the Visual Basic .NET Developer | 48 |
| Code-Access Security vs. Application Role-Based Security | 49 |
| Code-Access Security Preempts Application Role-Based Security | 49 |
| Run Your Code in Different Security Zones | 51 |
| What Code-Access Security Is Meant to Protect | 55 |
| Permissions: The Basis of What Your Code Can Do | 55 |
| Ensuring That Your Code Will Run Safely | 66 |
| Cooperating with the Security System | 68 |
| Code-Access Security in the Real World | 72 |
| Summary | 73 |
| 4 ASP.NET Authentication | 75 |
| EmployeeManagementWeb Practice Files | 77 |
| Forms Authentication | 77 |
| Windows Integrated Security Authentication | 84 |
| Passport Authentication | 88 |
| Install the Passport SDK | 90 |
| ASP.NET Authentication in the Real World | 98 |
| Summary | 98 |
| 5 Securing Web Applications | 99 |
| Secure Sockets Layer | 102 |
| How SSL Works | 103 |
| Securing Web Services | 107 |
| Implementing an Audit Trail | 113 |
| Securing Web Applications in the Real World | 116 |
| Summary | 116 |
| PART II ENSURING HACK-RESISTANT CODE | |
| 6 Application Attacks and How to Avoid Them | 121 |
| Denial of Service Attacks | 122 |
| Defensive Techniques for DoS Attacks | 123 |
| File-Based or Directory-Based Attacks | 127 |
| Defensive Technique for File-Based or Directory-Based Attacks | 128 |
| SQL-Injection Attacks | 132 |
| Defensive Techniques for SQL-Injection Attacks | 135 |
| Cross-Site Scripting Attacks | 141 |
| When HTML Script Injection Becomes a Problem | 145 |
| Defensive Techniques for Cross-Site Scripting Attacks | 148 |
| Child-Application Attacks | 151 |
| Defensive Technique for Child-Application Attacks | 153 |
| Guarding Against Attacks in the Real World | 155 |
| Summary | 156 |
| 7 Validating Input | 157 |
| Working with Input Types and Validation Tools | 158 |
| Direct User Input | 158 |
| General Language Validation Tools | 165 |
| Web Application Input | 172 |
| Nonuser Input | 174 |
| Input to Subroutines | 177 |
| Summary | 181 |
| 8 Handling Exceptions | 183 |
| Where Exceptions Occur | 184 |
| Exception Handling | 186 |
| Global Exception Handlers | 192 |
| Exception Handling in the Real World | 195 |
| Summary | 196 |
| 9 Testing for Attack-Resistant Code | 197 |
| Plan of Attack: The Test Plan | 198 |
| Brainstorm: Generate Security-Related Scenarios | 200 |
| Get Focused: Prioritize Scenarios | 204 |
| Generate Tests | 206 |
| Attack: Execute the Plan | 208 |
| Testing Approaches | 208 |
| Testing Tools | 213 |
| Test in the Target Environment | 217 |
| Make Testing for Security a Priority | 218 |
| Common Testing Mistakes | 218 |
| Testing Too Little, Too Late | 218 |
| Failing to Test and Retest for Security | 219 |
| Failing to Factor In the Cost of Testing | 220 |
| Relying Too Much on Beta Feedback | 220 |
| Assuming Third-Party Components Are Safe | 220 |
| Testing in the Real World | 221 |
| Summary | 222 |
| PART III DEPLOYMENT AND CONFIGURATION | |
| 10 Securing Your Application for Deployment | 225 |
| Deployment Techniques | 226 |
| XCopy Deployment | 226 |
| No-Touch Deployment | 227 |
| Windows Installer Deployment | 227 |
| Cabinet-File Deployment | 228 |
| Code-Access Security and Deployment | 230 |
| Deploy and Run Your Application in the .NET Security Sandbox | 231 |
| Certificates and Signing | 232 |
| Digital Certificates | 232 |
| Authenticode Signing | 235 |
| Strong-Name Signing | 238 |
| Authenticode Signing vs. Strong Naming | 242 |
| Strong Naming, Certificates, and Signing Exercise | 243 |
| Deploying .NET Security Policy Updates | 254 |
| Update .NET Enterprise Security Policy | 254 |
| Deploy .NET Enterprise Security Policy Updates | 259 |
| Protecting Your Code: Obfuscation | 264 |
| Obscurity <> Security | 265 |
| Deployment Checklist | 266 |
| Deployment in the Real World | 267 |
| Summary | 268 |
| 11 Locking Down Windows, Internet Information Services, and .NET | 269 |
| "I'm Already Protected. I'm Using a Firewall." | 270 |
| Fundamental Lockdown Principles | 271 |
| Automated Tools | 273 |
| Locking Down Windows Clients | 275 |
| Format Disk Drives Using NTFS | 275 |
| Disable Auto Logon | 275 |
| Enable Auditing | 276 |
| Turn Off Unnecessary Services | 276 |
| Turn Off Unnecessary Sharing | 276 |
| Use Screen-Saver Passwords | 277 |
| Remove File-Sharing Software | 277 |
| Implement BIOS Password Protection | 277 |
| Disable Boot from Floppy Drive | 278 |
| Locking Down Windows Servers | 278 |
| Isolate Domain Controller | 278 |
| Disable and Delete Unnecessary Accounts | 278 |
| Install a Firewall | 279 |
| Locking Down IIS | 279 |
| Disable Unnecessary Internet Services | 279 |
| Disable Unnecessary Script Maps | 279 |
| Remove Samples | 280 |
| Enable IIS Logging | 280 |
| Restrict IUSR_<computername> | 280 |
| Install URLScan | 280 |
| Locking Down .NET | 280 |
| Summary | 281 |
| 12 Securing Databases | 283 |
| Core Database Security Concepts | 284 |
| SQL Server Authentication | 284 |
| Determining Who Is Logged On | 288 |
| How SQL Server Assigns Privileges | 289 |
| SQL Server Authorization | 291 |
| Microsoft Access Authentication and Authorization | 291 |
| Microsoft Access User-Level Security Models | 292 |
| Locking Down Microsoft Access | 297 |
| Locking Down SQL Server | 298 |
| Summary | 300 |
| PART IV ENTERPRISE-LEVEL SECURITY | |
| 13 Ten Steps to Designing a Secure Enterprise System | 303 |
| Design Challenges | 304 |
| Step 1: Believe You Will Be Attacked | 305 |
| Step 2: Design and Implement Security at the Beginning | 306 |
| Step 3: Educate the Team | 307 |
| Step 4: Design a Secure Architecture | 307 |
| Named-Pipes vs. TCP-IP | 310 |
| If You Do Nothing Else... | 311 |
| Step 5: Threat-Model the Vulnerabilities | 311 |
| Step 6: Use Windows Security Features | 312 |
| Step 7: Design for Simplicity and Usability | 312 |
| Step 8: No Back Doors | 314 |
| Step 9: Secure the Network with a Firewall | 314 |
| Step 10: Design for Maintenance | 316 |
| Summary | 317 |
| 14 Threats: Analyze, Prevent, Detect, and Respond | 319 |
| Analyze for Threats and Vulnerabilities | 320 |
| Identify and Prioritize | 321 |
| Prevent Attacks by Mitigating Threats | 326 |
| Mitigating Threats | 326 |
| Detection | 329 |
| Early Detection | 329 |
| Detecting That an Attack Has Taken Place or Is in Progress | 330 |
| Respond to an Attack | 333 |
| Prepare for a Response | 334 |
| Security Threats in the Real World | 334 |
| Summary | 335 |
| 15 Threat Analysis Exercise | 337 |
| Analyze for Threats | 337 |
| Allocate Time | 338 |
| Plan and Document Your Threat Analysis | 339 |
| Create a Laundry List of Threats | 339 |
| Prioritize Threats | 344 |
| Respond to Threats | 346 |
| Summary | 347 |
| 16 Future Trends | 349 |
| The Arms Race of Hacking | 350 |
| No Operating System Is Safe | 352 |
| Cyber-Terrorism | 352 |
| What Happens Next? | 354 |
| Responding to Security Threats | 356 |
| Privacy vs. Security | 356 |
| The IPv6 Internet Protocol | 359 |
| Government Initiatives | 360 |
| Microsoft Initiatives | 360 |
| Summary | 362 |
| A Guide to the Code Samples | 363 |
| B Contents of SecurityLibrary.vb | 375 |
| INDEX | 379 |