Dashboard sample form, Employee Management System
data authentication, The IPv6 Internet Protocol
Data Encryption Standard, see Triple-DES
data or input tampering attacks, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
databases
Access authentication, Microsoft Access Authentication and Authorization, Microsoft Access User-Level Security Models
administrating accounts, SQL Server Authentication
authentication, Core Database Security Concepts, SQL Server Authentication, How SQL Server Assigns Privileges, Microsoft Access Authentication and Authorization, Microsoft Access User-Level Security Models
authorization, Core Database Security Concepts, SQL Server Authorization, Microsoft Access User-Level Security Models
blank password problem, SQL Server Authentication
changing to Windows Authentication, SQL Server Authentication
column-level authorization, SQL Server Authorization
importance of, Chapter 12: Securing Databases
locking down, Core Database Security Concepts
logons, setting up, SQL Server Authentication
Mixed Mode authentication, SQL Server Authentication
permissions for, Microsoft Access User-Level Security Models
privilege assignment, How SQL Server Assigns Privileges
removing unencrypted fields, Hiding Unnecessary Information
row-level authorization, SQL Server Authorization
sample for exercises, Practice Files
single authentication method, SQL Server Authentication
SQL authentication, see SQL Server Authentication
table-level authorization, SQL Server Authorization
testing security of, Create Scenarios Based on Inroads for Attack
dates
validating, Parse Method
debugging features
self-testing code from, Writing Self-Testing Code
Declare keyword, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
decomposing, Take the Attacker’s View
decryption
defined, Chapter 1: Encryption
private key, Private Key Encryption
default behavior, Step 7: Design for Simplicity and Usability
default installations
lack of security of, Chapter 11: Locking Down Windows, Internet Information Services, and .NET
delay signing, Delay Signing—Securing Your Build Process, Strong Naming, Certificates, and Signing Exercise
Delete keyword, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
Demands, What Prevents Harmful Code from Executing?, Security Features and the Visual Basic .NET Developer
demilitarized zones (DMZs), Step 4: Design a Secure Architecture
denial of service (DoS) attacks, Denial of Service Attacks
.NET vulnerability to, Denial of Service Attacks
application crash form, Table 6-1: Forms of DoS Attacks, Table 6-2: DoS Defensive Techniques
CPU starvation attacks, Table 6-1: Forms of DoS Attacks, Table 6-2: DoS Defensive Techniques
defending against, Defensive Techniques for DoS Attacks, Defending Against Memory and Resource DoS Attacks
defined, Denial of Service Attacks
forms of, Denial of Service Attacks, Table 6-1: Forms of DoS Attacks
input, limiting, Defending Against Memory and Resource DoS Attacks
memory starvation form, Table 6-1: Forms of DoS Attacks, Table 6-2: DoS Defensive Techniques, Defending Against Memory and Resource DoS Attacks
mitigation techniques for, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
network bandwidth starvation form, Table 6-1: Forms of DoS Attacks
on domain-name servers, Cyber-Terrorism
requests, limiting, Defensive Techniques for DoS Attacks
resource starvation form, Table 6-1: Forms of DoS Attacks, Table 6-2: DoS Defensive Techniques, Defending Against Memory and Resource DoS Attacks
SQL-injection for, SQL-Injection Attacks
system crash form, Table 6-1: Forms of DoS Attacks
denial of service attacks, Chapter 3: Code-Access Security
defined, Chapter 3: Code-Access Security
denial of service (DoS) attacks
stress testing to prevent, Stress Testing
deployment
.NET Framework Configuration tool, Deploy .NET Enterprise Security Policy Updates
.NET security policy updates, Deploying .NET Security Policy Updates, Deploy .NET Enterprise Security Policy Updates
ActiveX components, Windows Installer Deployment
ASP.NET Web server applications, Strong Naming, Certificates, and Signing Exercise
Authenticode signing, Authenticode Signing, Incorporate Authenticode Signing in Your Build Process
cabinet files, Cabinet-File Deployment, Table 10-1: Deployment Techniques and When to Use Them (continued)
cabinet files, Cabinet-File Deployment
certificates, see digital certificates
checklist for, Deployment Checklist
code-access security, Code-Access Security and Deployment, Deploy and Run Your Application in the .NET Security Sandbox
code-access security considerations, Ensuring That Your Code Will Run Safely
code-access security permissions, Windows Installer Deployment
custom .MSI deployment packages, Deploy .NET Enterprise Security Policy Updates
delay signing, Delay Signing—Securing Your Build Process, Strong Naming, Certificates, and Signing Exercise
fixes for attacks, Prepare for a Response
Internet distribution, advantages of, Certificates and Signing
measures to secure, list of, Chapter 10: Securing Your Application for Deployment
methods of, Deployment Techniques, Table 10-1: Deployment Techniques and When to Use Them (continued)
no-touch, No-Touch Deployment, Table 10-1: Deployment Techniques and When to Use Them (continued)
packaging costs, Certificates and Signing
real-world considerations, Deployment in the Real World
sample application, Strong Naming, Certificates, and Signing Exercise
setup packages, signing, Strong Naming, Certificates, and Signing Exercise
timestamp services, Strong Naming, Certificates, and Signing Exercise
user options, allowing, Windows Installer Deployment
viewing certificates, Strong Naming, Certificates, and Signing Exercise
Windows Installer, Windows Installer Deployment, Table 10-1: Deployment Techniques and When to Use Them (continued)
XCopy for, XCopy Deployment, Table 10-1: Deployment Techniques and When to Use Them (continued)
Deployment Wizard, Microsoft Visual Studio .NET, Windows Installer Deployment
DES, see Triple-DES
design steps, Chapter 13: Ten Steps to Designing a Secure Enterprise System
missteps, Chapter 13: Ten Steps to Designing a Secure Enterprise System
architectural security, Step 4: Design a Secure Architecture, If You Do Nothing Else…
back doors, eliminating, Step 8: No Back Doors
beginning with security, Step 2: Design and Implement Security at the Beginning
believing attacks will come, Step 1: Believe You Will Be Attacked
challenges to, Design Challenges
firewalls, Step 9: Secure the Network with a Firewall
level of security, picking, Step 2: Design and Implement Security at the Beginning
maintenance considerations, Step 10: Design for Maintenance
minimum security measures in architecture, If You Do Nothing Else…
missteps, Chapter 13: Ten Steps to Designing a Secure Enterprise System
modeling vulnerabilities, Step 5: Threat-Model the Vulnerabilities
named-pipes v. TCP/IP, Named-Pipes vs. TCP-IP
off switches, Step 10: Design for Maintenance
overview, Chapter 13: Ten Steps to Designing a Secure Enterprise System
serious attitude development, Step 1: Believe You Will Be Attacked
simplicity, Step 7: Design for Simplicity and Usability
team education, Step 3: Educate the Team
threat analysis, Analyze for Threats and Vulnerabilities
usability, Step 7: Design for Simplicity and Usability
Windows OS security features, Step 6: Use Windows Security Features
detecting attacks, Detection
anomaly detection, Detecting That an Attack Has Taken Place or Is in Progress
confidence in, Determining Whether to Trust Your Detection Mechanisms
early detection, Early Detection
exception handlers, Detecting That an Attack Has Taken Place or Is in Progress
feedback to users, Early Detection
following the attack, Detecting That an Attack Has Taken Place or Is in Progress
hardware inventories, Detecting That an Attack Has Taken Place or Is in Progress
human factors, Humans: The Key to Success
IDSs for, Detecting That an Attack Has Taken Place or Is in Progress
in-progress, Detecting That an Attack Has Taken Place or Is in Progress
logging activity, Early Detection, Detecting That an Attack Has Taken Place or Is in Progress
monitoring news groups, Early Detection
overview of, Detection
real-world considerations, Security Threats in the Real World
reboots, unscheduled, Detecting That an Attack Has Taken Place or Is in Progress
redundancy, Determining Whether to Trust Your Detection Mechanisms
signature detection, Detecting That an Attack Has Taken Place or Is in Progress
snapshots of data, Determining Whether to Trust Your Detection Mechanisms
deterrence
defined, Analyze for Threats and Vulnerabilities
development team, education of, Step 3: Educate the Team
device names, use in attacks, Enforce Canonical Filenames
digital certificates, Certificates and Signing
application integrity assurance, Authenticode Signing
Authenticode signing, Authenticode Signing, Incorporate Authenticode Signing in Your Build Process
hash value security policy attribute, Table 10-4: Attributes Used to Grant Permissions
private keys for, Obtain an X.509 Certificate from a Certificate Authority, Keep Your Private Keys Safe
publisher identity, Authenticode Signing
publisher identity security policy attribute, Table 10-4: Attributes Used to Grant Permissions
purpose of, Digital Certificates
sample application, Strong Naming, Certificates, and Signing Exercise
setup packages, Strong Naming, Certificates, and Signing Exercise
signatures, checking, When the Authenticode Signature Is Checked
Software Publisher Certificates, Obtain an X.509 Certificate from a Certificate Authority, Strong Naming, Certificates, and Signing Exercise
test certificate creation, Strong Naming, Certificates, and Signing Exercise
timestamp services, Strong Naming, Certificates, and Signing Exercise
viewing, Strong Naming, Certificates, and Signing Exercise
X.509, X.509 Certificate, Keep Your Private Keys Safe
Dir keyword, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
direct user input, Direct User Input, Figure 7-1: The error displayed by the RegularExpressionValidator control
directories
restricting access to, ASP.NET Authentication and Authorization
directory security for private key encryption, Keeping Private Keys Safe
directory-based attacks, File-Based or Directory-Based Attacks, Enforce Canonical Filenames
DirectoryServicesPermission, Table 3-3: Full Trust Permissions Granted to My Computer Zone
disabling auto logon, Disable Auto Logon
disassembling code, Create a Blueprint of Your Application
disk space attacks, see resource starvation attacks
distributed architecture recommended, Step 4: Design a Secure Architecture
DLL spoofing, Create Scenarios Based on Inroads for Attack
DLLs
strong-named, Strong-Named Visual Basic .NET .DLLs and Partial Trust
DMZs (demilitarized zones), Step 4: Design a Secure Architecture
DNS permission, Table 3-2: Permissions for Each Zone, Table 3-4: Permissions for Local Intranet and Trusted Sites Zones
documentation
code comments, Respond to Threats
threat analysis, Plan and Document Your Threat Analysis
domain controllers
locking down, Isolate Domain Controller
domain-name system root servers, Cyber-Terrorism
DoS attacks, see denial of service (DoS) attacks
DoS, see denial of service attacks
DPAPI encryption
functions, sample, DPAPI Encryption
drives
NTFS formatting, Format Disk Drives Using NTFS
sharing, locking down, Turn Off Unnecessary Sharing
DumpBin, Table 9-3: Test Tools
dynamic loading
attacks against, Child-Application Attacks, Use Quotes Around All Path Names