cabinet (.CAB) files
overview, Cabinet-File Deployment
sandbox with, Table 10-2: Deployment Techniques and Use of the Sandbox
when to use, Table 10-1: Deployment Techniques and When to Use Them (continued)
canonical filenames, Enforce Canonical Filenames
CAS, see code-access security
casing
CharacterCasing property, Validation Tools Available to Windows Forms Applications
CERT Web site, No Operating System Is Safe
certificate authorities, Obtain an X.509 Certificate from a Certificate Authority
defined, How SSL Works
viewing, How SSL Works
certificates
CSRs, How SSL Works
defined, How SSL Works
installing, How SSL Works
root certificates, How SSL Works
SSL, How SSL Works
test, obtaining, How SSL Works
validity of, How SSL Works
VeriSign, obtaining from, How SSL Works
certificates, see digital certificates
challenges to designing security, Design Challenges
CharacterCasing property of TextBox, Validation Tools Available to Windows Forms Applications
ChDir keyword, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
ChDrive keyword, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
child-applications attacks, Child-Application Attacks, Use Quotes Around All Path Names
cipher text
defined, Chapter 1: Encryption
class libraries
zone assignments, How Visual Basic .NET Determines Zone
client-server applications
architecture recommended, Step 4: Design a Secure Architecture
spoofing hashes, Hash Digests
clients
auditing, enabling, Enable Auditing
BIOS passwords, Implement BIOS Password Protection
disabling auto logon, Disable Auto Logon
file-sharing software, Remove File-Sharing Software
floppy drives, disabling booting from, Disable Boot from Floppy Drive
locking down, Locking Down Windows Clients, Disable Boot from Floppy Drive
MBSA with, Locking Down Windows Clients
NTFS recommended, Format Disk Drives Using NTFS
screen saver passwords, Use Screen-Saver Passwords
sharing, turning off, Turn Off Unnecessary Sharing
turning off services, Turn Off Unnecessary Services
clsEmployee sample class, Employee Management System
Cobalt server appliance vulnerabilities, No Operating System Is Safe
code
managed, Microsoft Initiatives
code files
encryption demo, Appendix A: Guide to the Code Samples
code samples
EmployeeDatabase.mdb, Appendix A: Guide to the Code Samples
EMS, see employee management system sample application
practice files for chapters, Appendix A: Guide to the Code Samples
TogglePassportEnvironment utility, Appendix A: Guide to the Code Samples, TogglePassportEnvironment utility, Figure A-12: Changing the Passport environment to pre-production
Web site for, Appendix A: Guide to the Code Samples
code-access security, Chapter 3: Code-Access Security, How Actions Are Considered Safe or Unsafe
chained calls, The Luring Attack
components, restricting, Chapter 3: Code-Access Security
cooperating with system, Cooperating with the Security System
defaults, It’s On By Default
defined, Chapter 3: Code-Access Security
Demands, What Prevents Harmful Code from Executing?, Security Features and the Visual Basic .NET Developer
deploying permissions, Windows Installer Deployment
deployment, Code-Access Security and Deployment, Deploy and Run Your Application in the .NET Security Sandbox
deployment options, Ensuring That Your Code Will Run Safely
digital signatures, Ensuring That Your Code Will Run Safely
evidence, How Actions Are Considered Safe or Unsafe, Security Zones and Trust Levels
file access sample, Run Your Code in Different Security Zones
functions blocked by default, It’s On By Default
goals of, Chapter 3: Code-Access Security, What Code-Access Security Is Meant To Protect
highly-trusted applications, How Actions Are Considered Safe or Unsafe
highly-untrusted applications, How Actions Are Considered Safe or Unsafe
Internet Explorer zones, Security Zones and Trust Levels
Internet warning, How Actions Are Considered Safe or Unsafe
isolated storage, Cooperating with the Security System
loading options for applications, Ensuring That Your Code Will Run Safely
location factor, How Actions Are Considered Safe or Unsafe
luring attacks, The Luring Attack
modifying policy, Ensuring That Your Code Will Run Safely
network share file access, Run Your Code in Different Security Zones
next generation applications, Code-Access Security in the Real World
OS restrictions, OS Security Restrictions Preempt Everything, Code-Access Security Preempts Application Role-Based Security
permission types, How Actions Are Considered Safe or Unsafe
preemption of roles, Code-Access Security Preempts Application Role-Based Security
preventing execution, means of, What Prevents Harmful Code from Executing?
purpose of, Chapter 3: Code-Access Security
role-based security, compared to, Code-Access Security vs. Application Role-Based Security
safe v. unsafe actions, How Actions Are Considered Safe or Unsafe
sandboxes, Deploy and Run Your Application in the .NET Security Sandbox
security zones, Security Zones and Trust Levels, Table 3-3: Full Trust Permissions Granted to My Computer Zone
SecurityException, Run Your Code in Different Security Zones
settings, storing, Cooperating with the Security System
single computer, applications on, Run Your Code in Different Security Zones
system components, Security Features and the Visual Basic .NET Developer
tactics for critical operations, Ensuring That Your Code Will Run Safely
trust, How Actions Are Considered Safe or Unsafe
trust levels, Security Zones and Trust Levels, Table 3-3: Full Trust Permissions Granted to My Computer Zone
unexpected results from, Security Features and the Visual Basic .NET Developer
Windows Installer for permissions with, Deploy and Run Your Application in the .NET Security Sandbox
collisions, How Does a Hash Digest Work?
column level authorization, SQL Server Authorization
COM interop–based exceptions, Global Exception Handlers
commenting code, Respond to Threats
CompareValidator, Table 7-1: Validator Controls Available for ASP.NET
components
diagramming for threat analysis, Draw Architectural Sketch and Review for Threats
conflicts, multiuser, see multiuser conflicts
constants
viewing by disassembly, Create a Blueprint of Your Application
control systems, Is It a Bug, or an Attack from a Criminal Mastermind?
controls
validating input of, Validation Tools Available to ASP.NET Web Applications
Cookie Pal, Table 9-3: Test Tools
cookies
attacks with, Draw Architectural Sketch and Review for Threats, Table 15-3: Prioritize Threats for the Employee Management System (continued)
Forms authentication generated, Forms Authentication
Cookies collection, Web Application Input
costs
increasing, trend of, What Happens Next?
CPU starvation attacks, Table 6-1: Forms of DoS Attacks, Table 6-2: DoS Defensive Techniques
crashed applications
DoS attacks creating, Table 6-1: Forms of DoS Attacks, Table 6-2: DoS Defensive Techniques
crashes
exceptions caused by, Where Exceptions Occur
Create keyword, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
credit cards
design principles, Securing Web Applications in the Real World
cross-site scripting attacks, Cross-Site Scripting Attacks
dangerous HTML scripts, Cross-Site Scripting Attacks
defensive techniques, Defensive Techniques for Cross-Site Scripting Attacks, Check All Input for Content and Length
defined, Cross-Site Scripting Attacks
escape sequences, Use Server.HtmlEncode and Server.UrlEncode
HTML entities, Use Server.HtmlEncode and Server.UrlEncode
HTML link creation for, When HTML Script Injection Becomes a Problem
input length checks, Check All Input for Content and Length
inserting false logon pages, When HTML Script Injection Becomes a Problem
problems with HTML, When HTML Script Injection Becomes a Problem
Request.QueryString, Use Server.HtmlEncode and Server.UrlEncode
Server.HtmlEncode, Use Server.HtmlEncode and Server.UrlEncode, Important
Server.UrlEncode, Use Server.HtmlEncode and Server.UrlEncode, Important
testing against, Create Scenarios Based on Inroads for Attack
turning off Request object validation, Cross-Site Scripting Attacks
ValidateRequest attribute, Cross-Site Scripting Attacks, Use Server.HtmlEncode and Server.UrlEncode
VB .NET 2003 protection from, Cross-Site Scripting Attacks
vulnerable application example, Cross-Site Scripting Attacks
CSRs (certificate signing requests), How SSL Works
currency
validating, Parse Method
CustomValidator, Table 7-1: Validator Controls Available for ASP.NET
cyber-terrorism, Cyber-Terrorism