packet sniffing tools, Chapter 5: Securing Web Applications
Page objects
IsValid property, Validation Tools Available to ASP.NET Web Applications
Page_Load events
https, setting to, How SSL Works
Params collection, Web Application Input, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
Parse method, Parse Method
partially trusted DLLs, Strong-Named Visual Basic .NET .DLLs and Partial Trust
passphrases, Keeping Private Keys Safe
Passport authentication
advantages of, Passport Authentication
best use for, ASP.NET Authentication in the Real World
defined, Table 4-1: Authentication Types for ASP.NET Applications
getting a passport, Install the Passport SDK
live environment restoration, Install the Passport SDK
MSN Messenger with, Passport Authentication
PassportIdentity object, Passport Authentication
preproduction environment, Passport Authentication
preproduction passport signup, Install the Passport SDK
soft sign-ins, Install the Passport SDK
PassportIdentity objects, The Identity and Principal Objects, Chapter 2: Role-Based Authorization
password-cracking attacks, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
PasswordChar property of TextBox, Validation Tools Available to Windows Forms Applications
passwords
Access database authentication, Microsoft Access Authentication and Authorization
authenticating, Encryption in the Real World
BIOS, Implement BIOS Password Protection
blank in connection strings, Table 3-3: Full Trust Permissions Granted to My Computer Zone
blank, SQL, SQL Server Authentication
constants, stored as, Create a Blueprint of Your Application
hash digest function for, Hash Digests
hash digests for, Hash Digests
hiding entry of, Hiding Unnecessary Information
IIS version 6.0, Microsoft Initiatives
mitigating threats, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
removing fields from databases, Hiding Unnecessary Information
screen saver, Use Screen-Saver Passwords
SQL Server, Locking Down SQL Server
strong, Fundamental Lockdown Principles
time-outs for accepting, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
tools for cracking, Table 9-3: Test Tools
unencrypted, dangers of, Hash Digests
verifying with hash digests, Hash Digests
patches
not installing, reasons for, The Arms Race of Hacking
recommended, If You Do Nothing Else…
patches, OS security, Fundamental Lockdown Principles
paths
GetFullPath method, Enforce Canonical Filenames
noncanonical, Enforce Canonical Filenames
parsing in Windows, Child-Application Attacks
PEAP (Protected Extensible Authentication Protocol), Microsoft Initiatives
people as a design challenge, Design Challenges
PerformanceCounterPermission, Table 3-3: Full Trust Permissions Granted to My Computer Zone
permissions
Access, Microsoft, Microsoft Access User-Level Security Models
code-access, see code-access security
Full Trust, Security Zones and Permissions, Table 3-3: Full Trust Permissions Granted to My Computer Zone
full, granting, Update .NET Enterprise Security Policy
Local Intranet zone, Local Intranet, Internet, and Trusted Sites Zones
modifying policy, Ensuring That Your Code Will Run Safely
policy manager, Update .NET Enterprise Security Policy
purpose of, Permissions—The Basis of What Your Code Can Do
security policy attributes, table of, Update .NET Enterprise Security Policy
security zones granting, Security Zones and Trust Levels, Table 3-3: Full Trust Permissions Granted to My Computer Zone
SQL Server, SQL Server Authorization, Locking Down SQL Server
testing for appropriate, Test in the Target Environment
trust level defaults, Security Zones and Permissions
Trusted Sites zone, Local Intranet, Internet, and Trusted Sites Zones
version differences, Local Intranet, Internet, and Trusted Sites Zones
physical security
locking down, Fundamental Lockdown Principles
plain text
defined, Chapter 1: Encryption
planning
threat analysis, Plan and Document Your Threat Analysis
policy manager, Update .NET Enterprise Security Policy
ports
commonly used, table of, Step 9: Secure the Network with a Firewall
firewalls for restricting, Step 9: Secure the Network with a Firewall
posing as users attacks, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
practice file installation, Practice Files
practice files for chapters, Appendix A: Guide to the Code Samples
Principal, Chapter 2: Role-Based Authorization
principle of least privilege, Chapter 2: Role-Based Authorization
printing
permission for, Table 3-2: Permissions for Each Zone, Table 3-4: Permissions for Local Intranet and Trusted Sites Zones
prioritizing threats, Prioritize Threats
privacy
trends in, Privacy vs. Security
private key encryption, Private Key Encryption
applications for, Private Key Encryption
brute force attacks on, Keeping Private Keys Safe
decryption function, Private Key Encryption
defined, Private Key Encryption
DES, see triple-des
directory security, Keeping Private Keys Safe
encrypting keys, Keeping Private Keys Safe
export restrictions, Export Restrictions on Encryption
function, creating, Private Key Encryption
functions, sample, Private Key Encryption
installation issues, Keeping Private Keys Safe
login credentials as keys, Keeping Private Keys Safe
safety of keys, Keeping Private Keys Safe
storing data with, Private Key Encryption
storing keys safely, Keeping Private Keys Safe
private keys
SSL, How SSL Works
privileges
child-application attacks, effects on, Child-Application Attacks
elevating, attack by, Chapter 3: Code-Access Security
SQL Server, How SQL Server Assigns Privileges
testing for appropriate, Test in the Target Environment
profiling, Take the Attacker’s View
profiling tools, Table 9-3: Test Tools
Protected Extensible Authentication Protocol (PEAP), Microsoft Initiatives
PSNs (Processor serial numbers), Privacy vs. Security
public function vulnerability, Create Scenarios Based on Inroads for Attack
public key encryption, Public Key Encryption
defined, Public Key Encryption
functions for, creating, Public Key Encryption
functions, sample, Public Key Encryption
private key component of, Public Key Encryption
purpose of, Public Key Encryption
RSA algorithm for, Public Key Encryption
slowness of, Public Key Encryption
Public keyword, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
Public methods
bypassing UI attacks, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
publisher identity security policy attribute, Table 10-4: Attributes Used to Grant Permissions
PWDump, Table 9-3: Test Tools