Index_M
M
machine keys
ASP.NET application and Web services, 570571
user keys, 176177
machine level access control, 359
Machine.config
ACLs, 554
application configuration settings, 552
ASP.NET application and Web services, 548555
checklists, 727
how to make settings more secure, lxviii
plaintext in, 621
<processModel> element in, 545
vulnerabilities, 429
Web server configuration, 657663
Web servers, 429, 462
<machineKey> element
ASP.NET application and Web services, 562, 570
configuring for view state encryption and integrity checks, 291
Web server configuration, 661
MACs, 89, 291, 569
main remoting threat, 349
man in the middle attacks, 37
message replay attacks, 324
managed code
benefits of .NET, 130131
checklists, 735742
code review, 616622
how to review, lxv
how to write, lxiv
review guidelines, 735739
managed wrapper code, 817819
management options, 289
MapPath, 271
calling, 631
MarshalByRefObject attacks, 354
MatchAllTraffic, 782
MatchHTTPAndHTTPS, 782
MBSA, 746754, 787793 ( see also patch management)
database servers, 511512
to detect missing security patches, 748
to detect the patches, 434
developer workstations, 768769
explained, 749750
how to use, 787793
and .NET Framework, 490
role in patch management, 746747
to secure developer workstations, 768
using regularly, 538
to verify the registry permissions, 524
Mbsacli.exe, 790
and Mbsa.exe, 793
Mbsa.exe and Mbsacli.exe, 793
medium trust
ASP.NET, 239243
file I/O, 205206
OLE DB, 240241
registry, 250
restrictions, 240
sandboxing , 241243
medium trust Web applications
calling a single Web service from, 248
calling DPAPI, 819822
calling multiple Web services from, 249
member level attribute, 624
member visibility, 153
members , 623
membership conditions, 186
message authentication codes. See MACs
message level authentication, 333
message replay attacks, 323324
Basic replay attacks, 324
man in the middle attacks, 324
MessageQueuePermission, 142, 193
metabase.bin file, 452
metadata, 636
method level link demands, 201
mixing with class demands, 201
methodology
application server, 480
network security, 408409
for securing Web servers, 426429
methods
calling with link demands, 201
principal demands, 284
Microsoft Baseline Security Analyzer. See MBSA
Microsoft Intermediate Language
and obfuscation, 173
reverse engineering, 148
Microsoft Management Server, 521
Microsoft .NET remoting. See .NET remoting
Microsoft Operations Manager, 521
Microsoft patterns & practices guidance, 681
Microsoft Search, 513
Microsoft Security Notification Services, 684
Microsoft Security Services, 682
Microsoft Security-Related Web Sites, 681682
Microsoft Solutions Framework, liii
Microsoft SQL Server Desktop Engine. See MSDE
Microsoft Systems Management Server, 448, 753
Microsoft Visual Studio .NET
obfuscation tool, 173
regular expressions, 272273
setting validation expressions in, 265
Microsoft.Web.Services.WebServicesClientProtocol, 342
Microsoft.Win32.Registry class, 208
middle tiers
auditing in, 638
serviced components in Enterprise Services application, 300
minimum permissions, 624
MMC snap-in, 540
MOM. See Microsoft Operations Manager
MSDE
patching, 512
securing for developer workstations, 772774
and SQL server, 791
MSIL. See Microsoft Intermediate Language
MSSQLSERVER, 513
MSSQLServerADHelper, 513
multiple applications
checklists, 703
hosting on the same server, 262
multiple gatekeepers, 83
multiple Web applications
forms authentication issues, 601
overview, 589590
UNC share hosting, 602
MyBlock, 782
MyPermit, 782
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
EAN: 2147483647
Year: 2003
Pages: 613
Pages: 613
Authors: Microsoft Corporation