| ||
Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 6, Determining Appropriate Access Control
Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 8, Cryptographic Foibles
Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 9, Protecting Secret Data
Windows Access Control: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/access_control.asp
Windows Data Protection: http://msdn.microsoft.com/library/en-us/dnsecure/html/windataprotection-dpapi.asp
How To: Use DPAPI (Machine Store) from ASP.NET: by J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy: http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT08.asp
Threat Mitigation Techniques: http://msdn.microsoft.com/library/en-us/secbp/security/threat_mitigation_techniques.asp
Implementation of SecureZeroMemory: http://msdn.microsoft.com/library/en-us/dncode/html/secure10102002.asp
Making Strings More Secure: http://weblogs.asp.net/shawnfa/archive/2004/05/27/143254.aspx
Secure Programming for Linux and Unix HOWTOCreating Secure Software by David Wheeler: www.dwheeler.com/secure-programs
Java Security, Second Edition by Scott Oaks (OReilly, 2001), Chapter 5, Key Management, pp. 7991
Jad Java Decompiler: http://kpdus.tripod.com/jad.html
Class KeyStore (Java 2 Platform 5.0): http://fl.java.sun.com/j2se/1.5.0/docs/api/java/security/KeyStore.html
Enabling Secure Storage with Keychain Services: http://developer.apple.com/documentation/Security/Conceptual/keychainServConcepts/ keychainServConcepts.pdf
Java KeyStore Explorer: http://www.lazgosoftware.com/kse/
Enabling Secure Storage With Keychain Services: http:// developer.apple.com/documentation/Security/Reference/keychainservices/ index.html
Introduction to Enabling Secure Storage With Keychain Services: http://developer.apple.com/documentation/Security/Conceptual/keychainServConcepts/index.html#//apple_ref/doc/uid/TP30000897
Adding Simple Keychain Services to Your Application: http://developer.apple.com/documentation/Security/Conceptual/ keychainServConcepts/03tasks/chapter_3_section_2.html
Knowledge Base Article 329290: How to use the ASP.NET utility to encrypt credentials and session state connection strings: http://support.microsoft.com/default.aspx?scid=kb;en-us;329290
Safeguard Database Connection Strings and Other Sensitive Settings in Your Code by Alek Davis: http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/default.aspx
Reflector for .NET: http://www.aisto.com/roeder/dotnet/