Security for Microsoft Visual Basic .NET

by Ed Robinson and Michael James Bond
Edition: 1st
Format: Paperback
Pub. Date: 2003-05-28
Publisher(s): Microsoft Press
List Price: $49.99


Summary

This is the first book every Visual Basic .NET programmer should read on security. It is an end-to-end guide, with clear, prescriptive guidance on best practices, application design, and coding techniques for Windows and Web-based applications. The book makes writing secure applications easier than ever before. It features plain-language explanations of security terms, illustrated with step-by-step code walk-throughs and sample files for both Visual Basic .NET 2002 and Visual Basic .NET 2003. Programmers will learn how to use encryption, role-based security, code access security, authentication, and authorization, along with techniques that help protect against common exploits. Also covered are techniques for locking down Microsoft Windows, Internet Information Services, and Microsoft SQL Server. Readers will learn how to perform a security audit, how to test for security, how to design with security in mind, and which security techniques apply when deploying Windows and Web-based applications.

Author Biography

Ed Robinson is a lead program manager for Microsoft. Michael James Bond is a development lead on the Visual Basic .NET team.

Table of Contents

Introduction xiii
Part I Development Techniques
Encryption 3(24)
Practice Files 5(1)
Hash Digests 6(5)
Private Key Encryption 11(8)
Keeping Private Keys Safe 17(2)
Public Key Encryption 19(3)
Hiding Unnecessary Information 22(2)
Encryption in the Real World 24(1)
Summary 25(2)
Role-Based Authorization 27(18)
Role-Based Authorization Exercise 31(3)
Windows Integrated Security 34(4)
ASP.NET Authentication and Authorization 38(3)
Role-Based Authorization in the Real World 41(1)
Summary 42(3)
Code-Access Security 45(30)
How Actions Are Considered Safe or Unsafe 46(1)
What Prevents Harmful Code from Executing? 47(1)
It's On By Default 47(1)
Security Features and the Visual Basic .NET Developer 48(1)
Code-Access Security vs. Application Role-Based Security 49(2)
Code-Access Security Preempts Application Role-Based Security 49(2)
Run Your Code in Different Security Zones 51(21)
What Code-Access Security Is Meant to Protect 55(1)
Permissions---The Basis of What Your Code Can Do 55(11)
Ensuring That Your Code Will Run Safely 66(2)
Cooperating with the Security System 68(4)
Code-Access Security in the Real World 72(1)
Summary 73(2)
ASP.NET Authentication 75(24)
EmployeeManagementWeb Practice Files 77(1)
Forms Authentication 77(7)
Windows Integrated Security Authentication 84(4)
Passport Authentication 88(10)
Install the Passport SDK 90(8)
ASP.NET Authentication in the Real World 98(1)
Summary 98(1)
Securing Web Applications 99(22)
Secure Sockets Layer 102(5)
How SSL Works 103(4)
Securing Web Services 107(6)
Implementing an Audit Trail 113(3)
Securing Web Applications in the Real World 116(1)
Summary 116(5)
Part II Ensuring Hack-Resistant Code
Application Attacks and How to Avoid Them 121(36)
Denial of Service Attacks 122(5)
Defensive Techniques for DoS Attacks 123(4)
File-Based or Directory-Based Attacks 127(5)
Defensive Technique for File-Based or Directory-Based Attacks 128(4)
SQL-Injection Attacks 132(9)
Defensive Techniques for SQL-Injection Attacks 135(6)
Cross-Site Scripting Attacks 141(10)
When HTML Script Injection Becomes a Problem 145(3)
Defensive Techniques for Cross-Site Scripting Attacks 148(3)
Child-Application Attacks 151(4)
Defensive Technique for Child-Application Attacks 153(2)
Guarding Against Attacks in the Real World 155(1)
Summary 156(1)
Validating Input 157(26)
Working with Input Types and Validation Tools 158(23)
Direct User Input 158(7)
General Language Validation Tools 165(7)
Web Application Input 172(2)
Nonuser Input 174(3)
Input to Subroutines 177(4)
Summary 181(2)
Handling Exceptions 183(14)
Where Exceptions Occur 184(2)
Exception Handling 186(6)
Global Exception Handlers 192(3)
Exception Handling in the Real World 195(1)
Summary 196(1)
Testing for Attack-Resistant Code 197(28)
Plan of Attack---The Test Plan 198(10)
Brainstorm---Generate Security-Related Scenarios 200(4)
Get Focused---Prioritize Scenarios 204(2)
Generate Tests 206(2)
Attack---Execute the Plan 208(10)
Testing Approaches 208(5)
Testing Tools 213(4)
Test in the Target Environment 217(1)
Make Testing for Security a Priority 218(1)
Common Testing Mistakes 218(3)
Testing Too Little, Too Late 218(1)
Failing to Test and Retest for Security 219(1)
Failing to Factor in the Cost of Testing 220(1)
Relying Too Much on Beta Feedback 220(1)
Assuming Third-Party Components Are Safe 220(1)
Testing in the Real World 221(1)
Summary 222(3)
Part III Deployment and Configuration
Securing Your Application for Deployment 225(44)
Deployment Techniques 226(4)
XCopy Deployment 226(1)
No-Touch Deployment 227(1)
Windows Installer Deployment 227(1)
Cabinet-File Deployment 228(2)
Code-Access Security and Deployment 230(2)
Deploy and Run Your Application in the .NET Security Sandbox 231(1)
Certificates and Signing 232(22)
Digital Certificates 232(3)
Authenticode Signing 235(3)
Strong-Name Signing 238(4)
Authenticode Signing vs. Strong Naming 242(1)
Strong Naming, Certificates, and Signing Exercise 243(11)
Deploying .NET Security Policy Updates 254(10)
Update .NET Enterprise Security Policy 254(5)
Deploy .NET Enterprise Security Policy Updates 259(5)
Protecting Your Code---Obfuscation 264(2)
Obscurity <> Security 265(1)
Deployment Checklist 266(1)
Deployment in the Real World 267(1)
Summary 268(1)
Locking Down Windows, Internet Information Services, and .NET 269(14)
"I'm Already Protected. I'm Using a Firewall." 270(1)
Fundamental Lockdown Principles 271(2)
Automated Tools 273(2)
Locking Down Windows Clients 275(3)
Format Disk Drives Using NTFS 275(1)
Disable Auto Logon 275(1)
Enable Auditing 276(1)
Turn Off Unnecessary Services 276(1)
Turn Off Unnecessary Sharing 276(1)
Use Screen-Saver Passwords 277(1)
Remove File-Sharing Software 277(1)
Implement BIOS Password Protection 277(1)
Disable Boot from Floppy Drive 278(1)
Locking Down Windows Servers 278(1)
Isolate Domain Controller 278(1)
Disable and Delete Unnecessary Accounts 278(1)
Install a Firewall 279(1)
Locking Down IIS 279(1)
Disable Unnecessary Internet Services 279(1)
Disable Unnecessary Script Maps 279(1)
Remove Samples 280(1)
Enable IIS Logging 280(1)
Restrict IUSR_<computername> 280(1)
Install URLScan 280(1)
Locking Down .NET 280(1)
Summary 281(2)
Securing Databases 283(20)
Core Database Security Concepts 284(1)
SQL Server Authentication 284(7)
Determining Who Is Logged On 288(1)
How SQL Server Assigns Privileges 289(2)
SQL Server Authorization 291(1)
Microsoft Access Authentication and Authorization 291(6)
Microsoft Access User-Level Security Models 292(5)
Locking Down Microsoft Access 297(1)
Locking Down SQL Server 298(2)
Summary 300(3)
Part IV Enterprise-Level Security
Ten Steps to Designing a Secure Enterprise System 303(16)
Design Challenges 304(1)
Step 1: Believe You Will Be Attacked 305(1)
Step 2: Design and Implement Security at the Beginning 306(1)
Step 3: Educate the Team 307(1)
Step 4: Design a Secure Architecture 307(4)
Named-Pipes vs. TCP-IP 310(1)
If You Do Nothing Else... 311(1)
Step 5: Threat-Model the Vulnerabilities 311(1)
Step 6: Use Windows Security Features 312(1)
Step 7: Design for Simplicity and Usability 312(2)
Step 8: No Back Doors 314(1)
Step 9: Secure the Network with a Firewall 314(2)
Step 10: Design for Maintenance 316(1)
Summary 317(2)
Threats---Analyze, Prevent, Detect, and Respond 319(18)
Analyze for Threats and Vulnerabilities 320(6)
Identify and Prioritize 321(5)
Prevent Attacks by Mitigating Threats 326(3)
Mitigating Threats 326(3)
Detection 329(4)
Early Detection 329(1)
Detecting That an Attack Has Taken Place or Is in Progress 330(3)
Respond to an Attack 333(1)
Prepare for a Response 334(1)
Security Threats in the Real World 334(1)
Summary 335(2)
Threat Analysis Exercise 337(12)
Analyze for Threats 337(9)
Allocate Time 338(1)
Plan and Document Your Threat Analysis 339(1)
Create a Laundry List of Threats 339(5)
Prioritize Threats 344(2)
Respond to Threats 346(1)
Summary 347(2)
Future Trends 349(14)
The Arms Race of Hacking 350(4)
No Operating System Is Safe 352(1)
Cyber-Terrorism 352(2)
What Happens Next? 354(2)
Responding to Security Threats 356(6)
Privacy vs. Security 356(3)
The IPv6 Internet Protocol 359(1)
Government Initiatives 360(1)
Microsoft Initiatives 360(2)
Summary 362(1)
Guide to the Code Samples 363(12)
Contents of SecurityLibrary.vb 375(4)
Index 379
