Beginning ASP.NET Security

Programmers: protect and defend your Web apps against attack! You may know ASP.NET, but if you don't understand how to secure your applications, you need this book. This vital guide explores the often-overlooked topic of teaching programmers how to design ASP.NET Web applications so as to prevent online thefts and security breaches. You'll start with a thorough look at ASP.NET 3.5 basics and see happens when you don't implement security, including some amazing examples. The book then delves into the development of a Web application, walking you through the vulnerable points at every phase. Learn to factor security in from the ground up, discover a wealth of tips and industry best practices, and explore code libraries and more resources provided by Microsoft and others. Shows you step by step how to implement the very latest security techniques Reveals the secrets of secret-keeping encryption, hashing, and not leaking information to begin with Delves into authentication, authorizing, and securing sessions Explains how to secure Web servers and Web services, including WCF and ASMX Walks you through threat modeling, so you can anticipate problems Offers best practices, techniques, and industry trends you can put to use right away Defend and secure your ASP.NET 3.5 framework Web sites with this must-have guide.

Programmers: protect and defend your Web apps againstattack!You may know ASP.NET, but if you don't understand how to secureyour applications, you need this book. This vital guide exploresthe often-overlooked topic of teaching programmers how to designASP.NET Web applications so as to prevent online thefts andsecurity breaches.You'll start with a thorough look at ASP.NET 3.5 basics and seehappens when you don't implement security, including someamazing examples. The book then delves into the development of aWeb application, walking you through the vulnerable points at everyphase. Learn to factor security in from the ground up, discover awealth of tips and industry best practices, and explore codelibraries and more resources provided by Microsoft and others.* Shows you step by step how to implement the very latestsecurity techniques* Reveals the secrets of secret-keeping--encryptionhashing, and not leaking information to begin with* Delves into authentication, authorizing, and securingsessions* Explains how to secure Web servers and Web services, includingWCF and ASMX* Walks you through threat modeling, so you can anticipateproblems* Offers best practices, techniques, and industry trends you canput to use right awayDefend and secure your ASP.NET 3.5 framework Web sites with thismust-have guide.

ACKNOWLEDGMENTS xiINTRODUCTION xxiCHAPTER 1: WHY WEB SECURITY MATTERS 1CHAPTER 2: HOW THE WEB WORKS 15CHAPTER 3: SAFELY ACCEPTING USER INPUT 39CHAPTER 4: USING QUERY STRINGS, FORM FIELDS, EVENTS, AND BROWSERINFORMATION 65CHAPTER 5: CONTROLLING INFORMATION 87CHAPTER 6: KEEPING SECRETS SECRET -- HASHING AND ENCRYPTION117CHAPTER 7: ADDING USERNAMES AND PASSWORDS 151CHAPTER 8: SECURELY ACCESSING DATABASES 185CHAPTER 9: USING THE FILE SYSTEM 207CHAPTER 10: SECURING XML 225CHAPTER 11: SHARING DATA WITH WINDOWS COMMUNICATION FOUNDATION255CHAPTER 12: SECURING RICH INTERNET APPLICATIONS 289CHAPTER 13: UNDERSTANDING CODE ACCESS SECURITY 315CHAPTER 14: SECURING INTERNET INFORMATION SERVER (IIS) 329CHAPTER 15: THIRD-PARTY AUTHENTICATION 359CHAPTER 16: SECURE DEVELOPMENT WITH THE ASP.NET MVC FRAMEWORK385MVC Framework 398INDEX 399