Index_F


F

factory default settings, 679
failed actions, 452, 675
failing in ASP.NET, 262
false positives from security update checks, 792
fast track, lxxiii–lxxiv
feedback and support, lx
fields, 154, 617
file authorization
ASP.NET application and Web services, 563
gatekeeper, 563
for user access control, 359–360
with Windows authentication, 284
file I/O, 205–207
assemblies, 164–165
checklists, 739
code access security, 205–207
code access security constraints, 830–831
code access security policy, 828–830
creating an assembly that performs, 825–826
how to constrain, lxvi, lxxi
medium trust, 205–206
testing with no code access security constraints, 827
validating input used for, 270
FileAuthorizationModule, 359–360
ASP.NET, 350
web service endpoint authorization, 336
with Windows authentication, 284
FileDialogPermission, 142
FileIOPermission, 207
demand, 199
in medium trust applications, 239
in partial trust Web applications, 231
requesting, 207
and state, 229
table, 142
files
access, 577–578
checklists, 730
names, 164
path lengths, 169
types, 662
files and directories
checklists, 725
data server configuration, 673
database servers, 519–521
Enterprise Services, 665–666
vulnerabilities, 428
Web server configuration, 648–649
Web servers, 428, 446
filtering
network security, 410
ports and authentication, 777–786
filters
actions, 778–779
actions described, 779
described, 778–779
IPSec policies, 778–779
network security, 414–415
routines, 378
Findstr command line tool, 606–607
fine-grained authorization, 285–286
firewalls
checklists, 722
configuring to support DTC traffic, 318
considerations, 482–486
data access restrictions, 397
deployment restrictions, 314315
deployment review, 679
in deployment topology, 102
Enterprise Services port configuration, 482
and IPSec, 778
limitations of, xlvii–xlviii, 3
network security, 409
network security considerations, 413–416
to support DTC traffic, 523
fixed identities
impersonating, 286
impersonation of, 597–599
footprinting, 21
forbidden resources, 575
forewords
Erik Olson, xliv–xlv
Joel Scambray, xliii
Mark Curphey, xli–xlii
Michael Howard, xlvi
form fields
inputting, 631–632
manipulation described, 40
FormatException, 267
forms authentication
guidelines, 560
how to secure, lxvii
issues, 601
SSL, 562
Web pages and controls, 277–278
<forms> element, 281
Forms-authentication cookie encryption, 570
FormsAuthentication type, 141
FormsAuthenticationTicket, 281
FormsIdentity type, 141
formulas for assessing risk, 63
404.dll, 437
ASP.NET application and Web services, 547
Web servers, 457–458
FPSE. See FrontPage server extensions
fragmented packets, 761
<frame> security attribute, 613
for cross-site scripting, 277
free format input sanitization, 273
free-text field, 79
FrontPage server extensions
Web server configuration, 655
Web servers, 455–456
FTP
disabling, 646
Web servers, 439
full trust and partial trust, 224–225
full trust environment, 151
FxCop, 606



Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
