
.NET Development Security Solutions

by John Mueller

  • ISBN13: 9780782142662
  • ISBN10: 0782142664
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2003-10-03
  • Publisher: Sybex

Summary

The .NET Framework offers new, more effective ways to secure your Web and LAN-based applications. .NET Development Security Solutions uses detailed, code-intensive examples (lots of them) to teach you the right techniques for most scenarios you're likely to encounter. This is not an introduction to security; it's an advanced cookbook that shows experienced programmers how to meet tough security challenges:

  • Recognize and avoid dangerous traps, including holes in .NET
  • Work fluently with both role-based and code access security
  • Maximize the security advantages of policies and code groups
  • Promote security using Active Directory
  • Secure data with .NET cryptographic techniques
  • Meet the toughest LAN security requirements
  • Tackle special security issues associated with Web and wireless applications
  • Implement Win32 API security in managed applications

Uniting this instruction is a coherent, cohesive mindset that will help you take the human factor into account at every step. You'll become technically proficient with all the tools at your disposal and, at the same time, you'll learn to make your solutions more powerful by crafting them in ways that dovetail with users' needs (and foibles) and anticipate cracker exploits.

Author Biography

John Mueller is a freelance author and technical editor. He has produced 55 books and over 200 articles on topics ranging from networking to database management to programming. His most recent books are Visual C# .NET Developer's Handbook and .NET Framework Solutions: In Search of the Lost Win32 API from Sybex. He's written articles for SQL Server Professional, Visual C++ Developer, and Visual Basic Developer magazines and he's editor of the .NET electronic newsletter for Pinnacle Publishing.

Table of Contents

Each entry is followed by its starting page and, in parentheses, the number of pages it spans.

Introduction  xxi
Part I  Introduction to .NET Security  1(66)
  Chapter 1  Understanding .NET Security  3(20)
    An Overview of .NET Framework Enhancements  5(6)
      Using Role-based Security  7(2)
      Executing Code in the Managed Environment  9(2)
    Security Problems .NET Can't Stop  11(7)
      Stupid User Tricks  12(1)
      Some External Forces  13(1)
      Poorly Patched Systems  14(1)
      Inept Enterprise Policies  15(2)
      Windows File Protection Vulnerabilities  17(1)
    .NET Framework Security Architecture Considerations  18(3)
      Securing the Binary Output  18(1)
      Understanding the Effects of Garbage Collection  18(1)
      Considering the Requirements of Object-Oriented Programming  19(1)
      Understanding Native Code Access Concerns  19(2)
    Summary  21(2)
  Chapter 2  .NET Framework Security Overview  23(28)
    Locating the Security Information You Need  24(4)
      Dealing with Patches  25(1)
      Locating General Security Tips for Everyone  26(1)
      Finding .NET Framework Specific Security Tips  27(1)
    Understanding the System.Runtime.Remoting.Contexts Namespace  28(3)
      Contexts Namespace Overview  28(1)
      SynchronizationAttribute Attribute Example  29(2)
    Understanding the System.Security Namespace  31(4)
      Security Namespace Overview  31(1)
      SecurityManager Class Example  32(3)
    Understanding the System.Security.Cryptography Namespace  35(4)
      Cryptography Namespace Structure Overview  36(1)
      Cryptography Namespace Structure Example  36(3)
    Understanding the System.Security.Permissions Namespace  39(1)
    Understanding the System.Security.Policy Namespace  39(1)
    Understanding the System.Security.Principal Namespace  40(1)
    Understanding the System.Web.Security Namespace  41(1)
    Understanding the System.DirectoryServices Namespace  41(9)
      DirectoryServices Namespace Overview  42(1)
      DirectoryServices Namespace Example  42(8)
    Summary  50(1)
  Chapter 3  Avoiding Common Errors and Traps  51(16)
    Preventing Data Entry Errors  52(8)
      Putting the Time back into Access  53(1)
      Checking the Data Range  53(2)
      Checking the Data Length  55(2)
      Keeping Unnecessary Characters Controlled  57(2)
      Providing Precise Help  59(1)
    Stopping Buffer Overruns  60(1)
      Understanding How Buffer Overruns Work  60(1)
      Keeping Exploits Controlled  61(1)
    Controlling Access  61(2)
      Understanding Code Access Control Issues  61(1)
      Understanding User Access Control Issues  62(1)
      Setting Privileges Appropriately  62(1)
    Avoiding Canonical Representation Issues  63(1)
    Summary  64(3)
Part II  Desktop and LAN Security  67(164)
  Chapter 4  .NET Role-Based Security Techniques  69(38)
    Understanding How .NET Role-Based Security Differs  70(13)
      Defining Code Access Security versus Role-based Security  71(4)
      Defining Membership and Evidence  75(2)
      Using Permission Objects  77(4)
      Using Principal and Identity Objects  81(2)
    Using the Permission View Tool  83(4)
    Using the .NET Framework Configuration Tool  87(5)
      Working with Code Groups  88(2)
      Creating and Defining Permission Sets  90(1)
      Defining Policy Assemblies  91(1)
      Adding Configured Applications  92(1)
    Defining Effective Declarative Security  92(1)
    Defining Effective Imperative Security  93(1)
    Securing the Registry  93(5)
      Using the RegistryPermission Class  94(3)
      A Word about Registry Security  97(1)
    Developing a Secure Desktop Application Installation  98(8)
      Using the StrongNameIdentityPermission Class  98(5)
      Using the System.Reflection.Assembly.Evidence Property  103(3)
    Summary  106(1)
  Chapter 5  Policies and Code Groups in Detail  107(40)
    Using the Code Access Security Policy Tool  108(10)
      Listing the Permissions and Code Groups  109(2)
      Making Group Modifications  111(2)
      Making Permission Modifications  113(3)
      Adding an Assembly  116(1)
      Resolving Security Errors in Assemblies  117(1)
    Using the .NET Wizards  118(1)
    Using Code Groups  118(21)
      Understanding the Default Groups  119(1)
      Working with Code Groups  120(8)
      Adding New Permissions  128(11)
    Using Policy Objects  139(6)
      Installing a New Permission  140(2)
      Creating a Code Group Based on the Permission  142(1)
      Designing a Named Permission Test Program  143(2)
    Summary  145(2)
  Chapter 6  Validation and Verification Issues  147(24)
    Ensuring Trust in the Managed Environment  148(1)
    Validating Your Code  149(11)
      Checking the Intermediate Language (IL) Code  150(1)
      Validating the Standard Check  151(1)
      Circumventing and Fixing the Standard Check  152(4)
      Protecting Your Code with Dotfuscator  156(3)
      Creating a Security Deployment Package  159(1)
    Relying on the AppDomain for Managed Code  160(4)
      Accessing Another Application  160(3)
      Understanding Component Access Problems  163(1)
    Extending the AppDomain to Unmanaged Code  164(5)
      Working with External Functions  165(2)
      Working with External Programs  167(2)
    Summary  169(2)
  Chapter 7  .NET Cryptographic Techniques  171(32)
    Administering the Cryptographic Settings  172(12)
      Using the Certification Authority Utility  173(6)
      Managing the Cryptographic Classes  179(5)
    Understanding the Supported Cryptographic Methods  184(3)
      Beware of the Cracked Symmetric Algorithm  185(1)
      Learning about the Asymmetric Algorithm  186(1)
    Encrypting and Decrypting Files  187(9)
      Using Symmetric Cryptography  187(2)
      Using Asymmetric Cryptography  189(6)
      Deriving a Key from a Password  195(1)
    Using the System.Security.Cryptography.X509Certificates Namespace  196(3)
    Using Hash Functions  199(1)
    Summary  200(3)
  Chapter 8  LAN Security Requirements  203(28)
    Working with Sockets  205(7)
      Using the SocketPermission Class  205(4)
      Using the Secure Socket Layer (SSL) Protocol  209(1)
      Using the System.Net.NetworkCredential and System.Net.CredentialCache Classes  210(2)
    Understanding RPC Security  212(1)
    Working with DCOM  213(7)
      Maintaining Control with COM Attributes  214(2)
      Developing a Component with Attributes  216(1)
      Creating a Test Application  217(3)
    Developing a Secure Server Application Installation  220(1)
    Working with COM+  220(9)
      Creating a COM+ Component  221(2)
      Working with the SecurityCallContext Class  223(2)
      Adding Security to a COM+ Application  225(4)
    Summary  229(2)
Part III  Web-based Security  231(104)
  Chapter 9  Web Server Security  233(30)
    Keeping the Server Safe  235(14)
      Authentication Techniques  236(10)
      Authorization Techniques  246(3)
      Communication with Other Servers  249(1)
    Administering the Server  249(4)
      Using the Microsoft Baseline Security Analyzer  250(2)
      Using the IIS Lockdown Tool  252(1)
    Avoiding Distributed Denial of Service (DDOS) Attacks  253(5)
      Don't Process Out-of-Band (OOB) Messages  254(1)
      Using the Performance Counter Approach  254(4)
    Overcoming Apparent Communication Errors  258(1)
    Using Web-based Application Testing Techniques  259(1)
    Developing a Secure Web-based Application Installation  260(1)
    Summary  261(2)
  Chapter 10  Web Data Security  263(36)
    Defining the Database Connection  264(13)
      Securing the DBMS  265(2)
      Developing a Database Application  267(10)
    Stemming the Tide of Leaking Information  277(1)
    Implementing Data Encryption  278(1)
    Understanding Remoting and Data Encryption  279(15)
      Understanding Automatic Deserialization  280(1)
      Understanding Remoting and Code Access Security  281(2)
      Creating a Remoting Component  283(3)
      Creating a Remoting Host Application  286(2)
      Creating a Remoting Client Application  288(5)
      Using HttpChannel Security  293(1)
    Using SSL to Communicate Credentials  294(4)
      Adding SSL Support to a Server  294(2)
      Creating an SSL Application  296(2)
    Summary  298(1)
  Chapter 11  Securing XML and Web Services  299(36)
    Securing Web Services  301(11)
      XML and Security  302(1)
      Web Service Proxy Security Considerations  303(2)
      Working with SoapHttpClientProtocol Class Security  305(3)
      Working with DiscoveryClientProtocol Class Security  308(4)
    Using the System.Security.Cryptography.Xml Namespace  312(6)
      Understanding the System.Security.Cryptography.Xml Namespace  313(1)
      Creating and Verifying XML Digital Signatures  314(4)
    Working with WS-Security  318(2)
    Working with the eXtensible Access Control Markup Language  320(1)
    Using the Visual Studio .NET Passport Features  321(4)
      Passport Features in the System.Web.Security Namespace  323(1)
      A Simple Passport Example  323(2)
    Using the Web Service Features of COM+ 1.5  325(7)
      Performing the Application Setup  326(2)
      Creating a Simple COM+ Test Application  328(4)
      Verifying the Application Is Safe  332(1)
    Summary  332(3)
Part IV  Other Security Topics  335(104)
  Chapter 12  Active Directory Security  337(26)
    Monitoring Active Directory  338(5)
      Using the ADSI Viewer Utility  339(3)
      Other Active Directory Tools  342(1)
    Using Active Directory in Place of the Registry  343(2)
    Understanding Domain Trust Relationships  345(8)
      Defining the Domain Trust Issues  345(1)
      Working Directly with the Domain Controller  346(7)
    Managing Directory Services  353(9)
      Using Declarative Active Directory Security  353(1)
      Using Imperative Active Directory Security  354(3)
      Defining Write Access to Active Directory  357(5)
    Summary  362(1)
  Chapter 13  Wireless Device Security  363(26)
    .NET Compact Framework Security Considerations  365(9)
      Understanding Wireless Security Issues  365(2)
      Discovering Which Classes Apply to Both Environments  367(2)
      Developing a Simple .NET Compact Framework Program  369(5)
    The Two Environments of Wireless Programs  374(6)
      Overcoming Direct Execution Problems  375(1)
      Avoiding Browser-Based Application Issues  376(4)
    Effects of Security Policy on Mobile Applications  380(1)
    Component Calling Limitations  381(1)
    Using the System.Web.Security Namespace  382(4)
      Defining File Security Using the FileAuthorizationModule Class  383(1)
      Defining Form Security Using the FormsAuthentication Class  384(2)
    Summary  386(3)
  Chapter 14  Win32 API Overview  389(24)
    Knowing When to Use the Win32 API  391(4)
      Win32 API and .NET Framework Differences  391(1)
      Avoiding Dangerous APIs  392(3)
    Understanding the Windows Security API  395(4)
    Considering Access Problems with the Win32 API  399(2)
      Using the Run As Windows Feature  399(1)
      Understanding Resources Both Granted and Denied  400(1)
    Using the Access Control Editor  401(2)
    Using the Security Configuration Editor  403(2)
    Working with SIDs  405(3)
    Accessing an ACE Directly  408(3)
    Summary  411(2)
  Chapter 15  Win32 API Advanced Techniques  413(26)
    Working with the DACL  414(4)
    Working with the SACL  418(7)
      Writing the Auditing Code  418(5)
      Running the Application  423(1)
      Considering a Security Setting Alternative  424(1)
    Securing Controls and Components  425(1)
    Securing Files  426(3)
    Using the RegGetKeySecurity() and RegSetKeySecurity() Functions  429(3)
    Working with Remote Unmanaged Components  432(5)
      Setting Up the General DCOM Environment  432(2)
      Using the General DCOM Security Options  434(1)
      Working with Component Level Security  435(1)
      Setting the Authentication Level  436(1)
    Summary  437(2)
Glossary  439(16)
Index  455

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
