identifying threats, Identify and Prioritize, Table 14-1: STRIDE Threat Categories
Identity, Chapter 2: Role-Based Authorization
IDSs (intrusion detection systems), Detecting That an Attack Has Taken Place or Is in Progress
IIS
attacking with SQL-injection, SQL-Injection Attacks
direct connection attacks on, Table 15-3: Prioritize Threats for the Employee Management System (continued)
disabling unnecessary services, Disable Unnecessary Internet Services
IUSR_, Restrict IUSR_<computername>, Restrict IUSR_<computername>
locking down, Locking Down IIS, Install URLScan
logging, enabling, Enable IIS Logging
sample sites, Remove Samples
script maps, disabling, Disable Unnecessary Script Maps
SSL sections, specifying, How SSL Works
unnecessary client services, Turn Off Unnecessary Services
URLScan, Automated Tools, Install URLScan
IIS (Internet Information Services)
version 6.0, Microsoft Initiatives
IIS Lockdown tool, Automated Tools, Disable Unnecessary Internet Services, Restrict IUSR_<computername>
ILDasm, Create a Blueprint of Your Application, Table 9-3: Test Tools
Impersonation, Windows Integrated Security Authentication
Index Server, Disable Unnecessary Script Maps
information disclosure attacks, Table 14-1: STRIDE Threat Categories
input
ASP.NET validator controls, Validation Tools Available to ASP.NET Web Applications
attacker goals with, Create a Blueprint of Your Application
direct user input, Direct User Input, Figure 7-1: The error displayed by the RegularExpressionValidator control
exceptions caused by, Where Exceptions Occur
free-form, Direct User Input
identifying sources of, Working with Input Types and Validation Tools
keywords, dangerous, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
kinds of, Chapter 7: Validating Input
nonuser, Nonuser Input
numeric, validating, Parse Method
Request objects, Web Application Input
subroutine input, Input to Subroutines
validation, see validation
Windows Forms, Validation Tools Available to Windows Forms Applications
installing
practice files, Practice Files
intercepting data attacks, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
intercepting Internet messages, Chapter 5: Securing Web Applications
interception of logon data, Table 15-3: Prioritize Threats for the Employee Management System (continued)
Intermediate Language Disassembler (ILDasm.Exe), Create a Blueprint of Your Application, Table 9-3: Test Tools
Internet
encryption for, Encryption in the Real World
Internet applications
security exceptions, Security Features and the Visual Basic .NET Developer
Internet Explorer, Security Zones and Trust Levels
security zones, Security Zones and Trust Levels
Internet zone
.NET Framework version 1.0, Security Zones and Trust Levels
defined, Security Zones and Trust Levels
permissions, Security Zones and Permissions
intranet
architecture recommended, Step 4: Design a Secure Architecture
intranets
Local Intranet zone, see local intranet zone
Medium Trust security level, Run Your Code in Different Security Zones
security exceptions, Security Features and the Visual Basic .NET Developer
Untrusted Sites zone, adding to, How Visual Basic .NET Determines Zone
Windows integrated security recommended for, Windows Integrated Security Authentication
IP numbers, resolving of, The IPv6 Internet Protocol
IPSec, Locking Down SQL Server
IPv6, The IPv6 Internet Protocol
IPv6 (Internet Protocol version 6), The IPv6 Internet Protocol
isolated storage, Cooperating with the Security System
Isolated Storage Administration tool, Cooperating with the Security System
IsolatedFileStorage, Table 3-4: Permissions for Local Intranet and Trusted Sites Zones
IsolatedStorageFilePermission, Table 3-2: Permissions for Each Zone
IsValid property, Validation Tools Available to ASP.NET Web Applications
IUSR_, Restrict IUSR_<computername>, Restrict IUSR_<computername>