Index_S


S

sa account, Locking Down SQL Server

SQL-injection attacks, SQL-Injection Attacks

sandboxes, Deploy and Run Your Application in the .NET Security Sandbox

scalability

DoS attacks, mitigating, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them

scenarios, attack, Plan of Attack—The Test Plan

attacker’s view, taking, Take the Attacker’s View

brainstorming, Brainstorm—Generate Security-Related Scenarios, Create Scenarios Based on Inroads for Attack

creating based on inroads, Create Scenarios Based on Inroads for Attack

defined, Plan of Attack—The Test Plan

generating tests for, Generate Tests, Filter and Prioritize Tests for Each Scenario

including all in testing, Get Focused—Prioritize Scenarios

prioritizing, Get Focused—Prioritize Scenarios, Prioritize Security-Related Scenarios Based on Threats

relevance of tests to, Filter and Prioritize Tests for Each Scenario

threat prioritization, Prioritize Security-Related Scenarios Based on Threats

scoped addresses, The IPv6 Internet Protocol

screen saver passwords, Use Screen-Saver Passwords

script kiddies, What Happens Next?

scripts

disabling, Take the Attacker’s View

Secure Hashing Algorithm, see SHA-1

secure sockets layer, see SSL (secure sockets layer)

Security Adjustment Wizard

opening, Run Your Code in Different Security Zones

security policy

changing, Ensuring That Your Code Will Run Safely

security policy updates, Deploying .NET Security Policy Updates, Deploy .NET Enterprise Security Policy Updates

security zones, Security Zones and Trust Levels

ASP.NET, Table 3-5: Security Zone Assignments for .NET Applications, How Visual Basic .NET Determines Zone

code-access permissions granted in, Security Zones and Trust Levels, Table 3-3: Full Trust Permissions Granted to My Computer Zone

default trust levels, Security Zones and Trust Levels

determination of by .NET, How Visual Basic .NET Determines Zone

Internet, Security Zones and Trust Levels, Security Zones and Permissions

Internet Explorer, Security Zones and Trust Levels

loading options for applications, Ensuring That Your Code Will Run Safely

Local Intranet, Security Zones and Trust Levels, Security Zones and Permissions, Local Intranet, Internet, and Trusted Sites Zones

My Computer, Security Zones and Trust Levels, Security Zones and Permissions

showing available, Run Your Code in Different Security Zones

symbols for, Security Zones and Trust Levels

trust levels, changing, Security Zones and Permissions

Trusted Sites, Security Zones and Trust Levels, Security Zones and Permissions, Local Intranet, Internet, and Trusted Sites Zones

Untrusted Sites, Security Zones and Trust Levels, Security Zones and Permissions

Windows Forms assignments, How Visual Basic .NET Determines Zone, Table 3-5: Security Zone Assignments for .NET Applications

SecurityLibrary.vb, Hash Digests

functions of, Appendix B: Contents of SecurityLibrary.vb, Validating Input

SecurityPermission, Table 3-2: Permissions for Each Zone, Table 3-4: Permissions for Local Intranet and Trusted Sites Zones

self-testing code, Table 9-2: General Testing Approaches, Writing Self-Testing Code

servers

locking down, Locking Down Windows Servers, Install a Firewall

service packs, Fundamental Lockdown Principles

ServerVariables collection, Web Application Input

service packs, Fundamental Lockdown Principles, Locking Down .NET

maintaining, Step 10: Design for Maintenance

Microsoft Access, Locking Down Microsoft Access

ServiceControllerPermission, Table 3-3: Full Trust Permissions Granted to My Computer Zone

settings

storing, access issues, Cooperating with the Security System

SHA-1, Hash Digests

defined, Hash Digests

display format for hashes, Hash Digests

function for, Hash Digests

function returning, Hash Digests

hash digests, Hash Digests

verification with, Hash Digests

shares

turning off unnecessary, Turn Off Unnecessary Sharing

Shell command, Table 15-1: Visual Basic .NET Keywords to Look For (continued)

Shell function

code-access default for, It’s On By Default

Shell statements

attacks against, Child-Application Attacks, Use Quotes Around All Path Names

Show function

code-access default for, It’s On By Default

SignCode.exe, Strong Naming, Certificates, and Signing Exercise

simplicity, Step 7: Design for Simplicity and Usability

Slammer worm

fix for, The Arms Race of Hacking

history of, The Arms Race of Hacking

SMTPSVC service, Turn Off Unnecessary Services

social engineering attacks, What Happens Next?

sockets

permission for using, Table 3-3: Full Trust Permissions Granted to My Computer Zone

Software Publisher Certificates, Obtain an X.509 Certificate from a Certificate Authority, Strong Naming, Certificates, and Signing Exercise

source code, attackers accessing, Create a Blueprint of Your Application

spoofing

hashes, Hash Digests

spoofing attacks, Table 14-1: STRIDE Threat Categories

SQL Server

access restriction, Locking Down SQL Server

account for running, Locking Down SQL Server

auditing, Locking Down SQL Server

authorization, SQL Server Authorization

clustering, Named-Pipes vs. TCP-IP

directory access, restricting, Locking Down SQL Server

encryption for, Locking Down SQL Server

IPSec, Locking Down SQL Server

locking down, Locking Down SQL Server, Figure 12-4: Turn on auditing in SQL Server Enterprise Manager

logging, Locking Down SQL Server

named-pipes v. TCP/IP, Named-Pipes vs. TCP-IP

passwords, Locking Down SQL Server

permissions, SQL Server Authorization, Locking Down SQL Server

port for, Step 9: Secure the Network with a Firewall

SA account, Locking Down SQL Server

sample database for, Migrating the Employee Database to SQL Server 2000

stored procedures for authorization, SQL Server Authorization

stored procedures, adding to, Migrating the Employee Database to SQL Server 2000

system commands, danger of, Locking Down SQL Server

xp_cmdshell, Locking Down SQL Server

SQL Server authentication, SQL Server Authentication

administration considerations, SQL Server Authentication

administrative permission privileges, How SQL Server Assigns Privileges

advantages of Windows Authentication for, SQL Server Authentication

blank passwords, SQL Server Authentication

changing Mixed to Windows Authentication, SQL Server Authentication

default users, How SQL Server Assigns Privileges

determining logged-on users, Determining Who Is Logged On

groups, adding, SQL Server Authentication

guest user, How SQL Server Assigns Privileges

logons, setting up, SQL Server Authentication

mechanisms for, SQL Server Authentication

Mixed Mode, SQL Server Authentication

public role, How SQL Server Assigns Privileges

roles, How SQL Server Assigns Privileges

SQL Server authorization

privilege assignment, How SQL Server Assigns Privileges

users, adding, How SQL Server Assigns Privileges

SQL Server Profiler, Table 9-3: Test Tools

SQL Server 2000

buffer overruns, The Arms Race of Hacking

SQL Slammer attacks

socket packet prelude to, Early Detection

SQL Slammer worm, Step 1: Believe You Will Be Attacked

SQL-injection attacks, SQL-Injection Attacks

application execution with, SQL-Injection Attacks

defensive techniques, Defensive Techniques for SQL-Injection Attacks, Add a Stored Procedure to Validate the User

defined, SQL-Injection Attacks

EMS sample defense, Add a Stored Procedure to Validate the User

example of, SQL-Injection Attacks

final parameter checks, Add a Stored Procedure to Validate the User

IIS, stopping, SQL-Injection Attacks

input validation, Validate Input Parameters

least privilege principle with, SQL-Injection Attacks

logon issues, SQL-Injection Attacks

Microsoft Access databases, SQL-Injection Attacks

parameterized query defense, Use Parameterized Queries

sa account, SQL-Injection Attacks

stored procedure defense, Add a Stored Procedure to Validate the User

testing against, Create Scenarios Based on Inroads for Attack

user names, SQL-Injection Attacks

xp_cmdshell command, SQL-Injection Attacks

SqlClientPermission, Table 3-3: Full Trust Permissions Granted to My Computer Zone

SSL (secure sockets layer), Secure Sockets Layer, Securing Web Services

adding to applications, How SSL Works

advantages of, Secure Sockets Layer

bidirectionality of, Secure Sockets Layer

browser support for, Secure Sockets Layer

certificates for, How SSL Works

disadvantages of, Secure Sockets Layer

ease of implementation, Secure Sockets Layer

https, Secure Sockets Layer, How SSL Works

IIS sections, specifying for, How SSL Works

methodology of, How SSL Works

Page_Load events for, How SSL Works

private key generation, How SSL Works

purpose of, Secure Sockets Layer

requirements, software, How SSL Works

resources, consumption of, Secure Sockets Layer

setting up, references for, How SSL Works

speed, effects on, Secure Sockets Layer

SQL Server with, Locking Down SQL Server

validating input, Web-Based Input Attacks and SSL

Web services using, Securing Web Services

staff as a design challenge, Design Challenges

steps for designing security, see design steps

storage

isolated, Cooperating with the Security System

stored procedures

adding to SQL Server, Migrating the Employee Database to SQL Server 2000

SQL-injection attack defense, Add a Stored Procedure to Validate the User

stress test tools, Table 9-3: Test Tools

stress testing, Table 9-2: General Testing Approaches, Stress Testing

stress, exceptions from, Where Exceptions Occur

STRIDE security threat model, STRIDE—Categorizing Threats, Table 14-1: STRIDE Threat Categories

strong name security policy attribute, Table 10-4: Attributes Used to Grant Permissions

strong passwords, Fundamental Lockdown Principles

strong-name signatures

Authenticode, compared to, Authenticode Signing vs. Strong Naming, Should You Authenticode-Sign and Strong-Name Your Application?

benefits of, Strong-Name Signing

creating applications with, Strong Naming, Certificates, and Signing Exercise

delay signing, Delay Signing—Securing Your Build Process, Strong Naming, Certificates, and Signing Exercise

DLLs with, Strong-Named Visual Basic .NET .DLLs and Partial Trust

hash digests, Strong-Name Signing

integrity assurance, Strong-Name Signing

operation of, Strong-Name Signing

partially trusted DLLs, Strong-Named Visual Basic .NET .DLLs and Partial Trust

parts of, Strong-Name Signing

public keys, Strong-Name Signing

PublicKeyToken, Strong Names vs. Weak Names

recommended use of, Should You Authenticode-Sign and Strong-Name Your Application?

representation of, Strong Names vs. Weak Names

sample application, Strong Naming, Certificates, and Signing Exercise

unique identity guarantees, Strong-Name Signing

version integrity, Strong-Name Signing

weak names, compared to, Strong Names vs. Weak Names

strong-named .NET assemblies, Create Scenarios Based on Inroads for Attack

subroutine input

validating, Input to Subroutines

Sun Microsystems vulnerabilities, No Operating System Is Safe

symmetric encryption, see private key encryption

system components

code-access security techniques, Security Features and the Visual Basic .NET Developer

system crash DoS attacks, Table 6-1: Forms of DoS Attacks




Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168
