Index

P

P/Invoke, 216
packets
destined for multiple hosts, 762
fragmented, 761
page and directory access control, 284
page classes, 634
page level or application level error handlers, 294
<customErrors> element, 294
Page.Error event, 294
<pages> element
ASP.NET application and Web services, 569
and view states, 291
Web server configuration, 658
Page.ViewStateUserKey property
to counter one-click attacks, 292
setting for view state, 292
parameter manipulation
ASP.NET, 290–293
attacks, 93–94
attacks described, 39–40
checklists, 693, 698, 706
described, 258–259
remoted components, 351
secure Web services, 322, 339
vulnerabilities, 120–121
parameters
batching, 378
objects passing as, 639
type safe, 377
parameters collection
with dynamic SQL, 378
with stored procedures, 377
parent paths
setting, Web server configuration, 655
setting Web servers, 453–454
partial trust
ASP.NET, 224–225
considerations, 171
identifying environments, 151
supporting callers, 152
partial trust Web applications
approaches, 234
developing, 231–232
partial trust callers, 622–623
partitioning of Web sites, 261
partners and service providers, 682–683
PassportIdentity type, 141
PasswordDeriveBytes, 175, 179
passwords
blank, 641
cracking, 505
cracking described, 22
do not send in plaintext, 82
need for expiration, 82
need for strength in, 82
one-way hashes, 283
policy default and recommended settings, 517
scans with Baseline Security Analyzer, 793
secure Web services, 334
storing hashes, 659
storing with salt, 388
system administrators, 530
user stores, 82
using attributes safely, 288
Web servers policies, 444
patch management. See also MBSA
acquiring, 751–752
assessing, 751
backups, 746
deploying, 752
detecting, 748–750
how to implement, lxviii, 745–754
testing, 752
patches. See also updates
application server, 489490
checklists, 723, 729
data server configuration, 671
database servers, 511512, 537
detecting with MBSA, 434
developer workstations, 768–770
network security, 409, 413, 416
to secure developer workstations, 768
vulnerabilities, 427
Web server configuration, 645
Web servers, 427, 434, 470
Web sites, 683
Path.GetFilePath function, 206
per user data, 89
performance, 201
PerformanceCounterPermission, 143
perimeter networks, 415–416
permission requests, 188–189
and policy grants, 188
permission sets, 186
without elements, 228
permissions. See also code access
ASP.NET application and Web services, 554
assembly, 817
checklists, 703–704
code access security, 184
configuring on the SQL Server install directories, 673
custom, 199
dangerous, 627
database servers, 531
delegates, 218
demands, 625
Everyone, 673
how to create custom encryption permission, 805–822
identity, 184
minimum, 624
optional, 624
Read, 455
refuse, 624
removing for the public role, 676
requesting in code access security, 194–196
restricted and unrestricted, 184
and unrestricted permissions, 229
write, 456
PermitOnly
code access permission classes, 185
using to restrict file I/O, 206
Persist Security Info attribute, 385, 641
persisted keys, 177
persistent cookies, 90
personalization cookies, 282
pitfalls in IISLockdown, 799
PlaceOrder method, 212
plaintext
credentials and networks, 358
passwords in configuration files, 288
storing sensitive data in, 88
platform level authentication, 344
secure Web services, 332
policies
code access security, 185
customizing for ASP.NET, 235, 238
customizing for medium trust, 250–251
evaluating at policy levels, 187–189
using permission grants, 205
policy files, 227–229
policy grants, 188
policy level, 189–190
policy permissions and trust levels, 233–234
port 80, 543, 779
port 443, 779
port 1433, 783
port 1434, 783
ports
application server, 491
and authentication, 777–786
checklists, 725, 731
configuration in Enterprise Services, 482
data server configuration, 674
database servers, 522
defining ranges, 315, 483
ranges, 491
vulnerabilities, 428
Web server configuration, 649–650
Web server configuration considerations, 668–669
Web servers, 428, 449
positioning of this guide, lviii–lix
PPTP, 439
pre-shared secret key and IPSec, 784
principal and identity objects per authentication type, 134
principal demands on classes and methods, 284
principal objects, 134
and custom authentication, 639
per authentication type, 134
role-based security, 134
principal-based role checks, 360
PrincipalPermission
objects, 134–136
table, 143
PrincipalPermissionAttribute type, 135
principals defined, 4
PrintingPermission, 143, 233
privacy, 91
and integrity requirements, 325
private access modifier, 153
private assemblies, 230
privileged code, 149
code access, 193
code access security, 193
identifying, 54, 150
sandboxing, 152–153, 236–239
privileged commands, 767
privileged operations, 150
and associated permissions, 194
code access, 194
code access security, 194
code review, 635
exposing, 625
identifying, 151
privileged resources, 150
code access security, 193
identifying, 151
privileges
escalating, 15–16
restricting, 87
process accounts, 109
process identity, 556–558
<processModel> element, 310
to configure the impersonation level, 306
least privileged accounts, 663
in Machine.config, 545
process identity, 556–558
Web server configuration, 663
<processModel> element encrypting credentials, 663
<processModel userName = password= />, 546
product life cycle, lii, lxxix
production servers
and <credentials> element, 659
installation considerations, 729
profiling, 423
programmatic authorization, 336
programmatic impersonation, 286–287
properties, exposing fields with, 154, 617
Protection="all", ASP.NET application and Web services, 561
protocols
checklists, 724, 730
data server configuration, 671
database servers, 513–514
network security, 410
vulnerabilities, 428
Web server configuration, 645–646
Web servers, 428, 440
and WebDAV, 646
<protocols> element, 574
proxy considerations
checklists, 707
secure Web services, 341–342
proxy credentials configuration, 639
public access modifier, 153
public areas, 81
public interfaces, 153
public keys, 198
public roles, 531
public types, 623



Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613