Index_U
U
UDL files, 386
UDP port 1434, 783
UIPermission, 143
unattended execution, 798799
unauthorized access
to administration interfaces, 33
application server, 478479
to assemblies, 147
to configuration stores, 34
data access, 371372
described, 23
remoted components , 349350
secure Web services, 321
serviced components, 301
Web servers, 424
unauthorized callers , 382
unauthorized code
code review, 641
restricting, 382
unauthorized server access, 504505
UNC shares
ASP.NET application and Web services, 581582
hosting, 602
unconstrained delegation, 306307
serviced components, 301
unicode character validation, 275
Universal Naming Convention, 555 ( see also UNC)
unmanaged APIs, 169, 615
sandboxing calls, 215216
unmanaged code
access checklists, 738739
assemblies, 168169
asserting permission, 628
code access security, 214217
code review, 628629
\GS switch, 169
how to call, lxvii
methods , 629
requesting permissions, 215
UnmanagedCodePermission, 199
unrestricted permissions, 184
and permission state, 229
unsafe classes, 215
\unsafe option, 627
unsafeAuthenticationConnectionSharing, 358
unused accounts, 516
unused interfaces, 678
unused services, 679
updates. See also MBSA; patches
application server, 489490
Baseline Security Analyzer, 790791
checklists, 723
developer workstations, 768770
network security, 413, 416
to secure developer workstations, 768
vulnerabilities, 427
Web server configuration, 645
Windows, 768
<URI> element, 249250
URL authorization, 138139, 563
ASP.NET application and Web services, 564565
for page and directory access control, 284
Web pages and controls, 279
UrlAuthorizationModule, 336
to control access to Web service files, 336
URL behavior property, 342
URLs
absolute, 282
code access security, 183
identifying code that handles, 611
for navigating, 282
URLScan
ASP.NET application and Web services, 547
configuring and removing, 802
for cross-site scripting, 276
how to use, 801804
installed with VS.NET, 803
installing, 801802
installing without running IISLockdown, 437438
masking content headers, 803
pitfalls, 804
securing for developer workstations, 771772
Web server configuration, 652653
Web servers, 437438
useAuthenticatedConnectionSharing property, 357
useDefaultCredentials property, 356
user access control, 359360
user authorization, 360
user controls, 263
user keys, 176177
user name and password, 334
user objects, 137
user security, 131
user stores, 82
userName attribute, 288
utilities
database servers, 520
Web servers, 447
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
EAN: 2147483647
Year: 2003
Pages: 613
Pages: 613
Authors: Microsoft Corporation