Hacking the Code: ASP.NET Web Application Security

Are Your Web Applications Really Secure? This unique book walks you through the many threats to your web application code, from managing and authorizing users and encrypting private data to filtering user input and securing XML. For every defined threat, it provides a menu of solutions and coding considerations. And, it offers coding examples and a set of security policies for each of the corresponding threats.

Know the threats to your applications:

• Develop secure password policies and how to securely manage user passwords in your web application.
• Establish a secure procedure for resetting lost or forgotten passwords and discover how to properly use secret questions in that process.
• Securely authenticate and authorize users, taking advantage of the advanced capabilities in ASP.NET
• Limit exposure to credential harvesting and brute force password attacks.
• Securely manage user sessions and learn how to create strong user authentication tokens.
• Work with the built-in state providers and securely implement view state in your forms.
• Make sense of the extensive encryption features in ASP.NET and employ symmetric and asymmetric encryption for sensitive data.
• Properly encrypt and store secrets to the registry, a file, or the protected store.
• Filter user input to prevent from SQL injection, directory traversal, cross-site scripting and other application-level attacks.
• Apply techniques such as pattern matching and data reflecting to control exposure to malicious input attacks.
• Configure honey drops to detect attacks on your web application
• Configure IIS and ASP.NET to constrain buffer overflow, denial of service, and other attacks.
• Write secure database access code.
• Secure databases and database drivers.
• Construct secure HTML markup to limit exposure to cross-site scripting and cross-site request forgery attacks.
• Use structured error handling to prevent failure conditions that open holes or reveal sensitive information. · Integrate XML encryption and apply XML digital signatures.
  
  Your Solutions Membership Gives You Access to:
• Comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page
• "From the Author" Forum where the authors post timely updates and links to related sites
• These downloadable e-booklets:
  Stealing The Network: How to Own a Continent: Product of Fate: The Evolution of a Hacker
  Special Ops: Host and Network Security for Microsoft, Unix, and Oracle: Hacking Custom Web Applications
  CYA: Securing IIS: Configuring Advanced Web Server Security
  IT Ethics Handbook: Programmers and Analysts

你的網路應用程式真的安全嗎？這本獨特的書籍將引導你了解網路應用程式代碼所面臨的許多威脅，從管理和授權使用者、加密私密資料到過濾使用者輸入和保護 XML。對於每個定義的威脅，書中提供了一系列解決方案和編碼注意事項。此外，它還提供了編碼範例和相應威脅的一套安全策略。

了解你的應用程式所面臨的威脅：
- 開發安全的密碼政策，以及如何在網路應用程式中安全地管理使用者密碼。
- 建立安全的程序來重設遺失或忘記的密碼，並了解如何正確使用密保問題。
- 安全地驗證和授權使用者，充分利用 ASP.NET 的高級功能。
- 限制憑證收集和暴力破解密碼攻擊的風險。
- 安全地管理使用者會話，並學習如何建立強大的使用者身份驗證令牌。
- 使用內建的狀態提供者，並在表單中安全實現視圖狀態。
- 理解 ASP.NET 中廣泛的加密功能，並使用對稱和非對稱加密保護敏感資料。
- 正確地加密和儲存機密資訊到註冊表、檔案或受保護的儲存區。
- 過濾使用者輸入，以防止 SQL 注入、目錄遍歷、跨站腳本和其他應用層攻擊。
- 應用模式匹配和資料反射等技術，以控制對惡意輸入攻擊的風險。
- 配置蜜罐以檢測對你的網路應用程式的攻擊。
- 配置 IIS 和 ASP.NET 以限制緩衝區溢位、拒絕服務和其他攻擊。
- 撰寫安全的資料庫存取程式碼。
- 保護資料庫和資料庫驅動程式的安全性。
- 構建安全的 HTML 標記，以限制跨站腳本和跨站請求偽造攻擊的風險。
- 使用結構化錯誤處理來防止失敗條件，以免出現漏洞或洩漏敏感資訊。
- 整合 XML 加密並應用 XML 數位簽章。

你的解決方案會員資格讓你可以獲得以下內容：
- 全面的常見問題解答頁面，將本書的所有重點整理成易於搜索的網頁。
- 作者論壇，可以與作者交流和討論相關議題。