List of Tables

Chapter 3: Code-Access Security

Table 3-1: Available Zones and Levels of Trust

Table 3-2: Permissions for Each Zone

Table 3-3: Full Trust Permissions Granted to My Computer Zone

Table 3-4: Permissions for Local Intranet and Trusted Sites Zones

Table 3-5: Security Zone Assignments for .NET Applications

Chapter 4: ASP.NET Authentication

Table 4-1: Authentication Types for ASP.NET Applications

Table 4-2: ASP.NET Pages in the EmployeeManagementWeb Application

Table 4-3: Values for Registering a New Application with Passport

Chapter 6: Application Attacks and How to Avoid Them

Table 6-1: Forms of DoS Attacks

Table 6-2: DoS Defensive Techniques

Table 6-3: Examples of Noncanonical Filenames

Table 6-4: Controls Added to the ScriptAttack.Aspx Web Form

Table 6-5: Server.HtmlEncode Replacement Scheme

Chapter 7: Validating Input

Table 7-1: Validator Controls Available for ASP.NET

Table 7-2: Examples of Regular Expressions

Table 7-3: Parse Methods for Numeric and Date/Time Formatted Strings

Chapter 9: Testing for Attack- Resistant Code

Table 9-1: Security Test-Scenario Priority Scale

Table 9-2: General Testing Approaches

Table 9-3: Test Tools

Chapter 10: Securing Your Application for Deployment

Table 10-1: Deployment Techniques and When to Use Them_ (continued)

Table 10-2: Deployment Techniques and Use of the Sandbox

Table 10-3: Authenticode Signing vs. .NET Strong Naming

Table 10-4: Attributes Used to Grant Permissions

Chapter 13: Ten Steps to Designing a Secure Enterprise System

Table 13-1: Commonly Used Ports

Chapter 14: Threats—Analyze, Prevent, Detect, and Respond

Table 14-1: STRIDE Threat Categories

Table 14-2: Example of Common Attacks and Techniques to Mitigate Them

Chapter 15: Threat Analysis Exercise

Table 15-1: Visual Basic .NET Keywords to Look For_ (continued)

Table 15-2: Priority Scheme

Table 15-3: Prioritize Threats for the Employee Management System_ (continued)

Appendix A: Guide to the Code Samples

Table A-1: List of Valid Usernames