List of Tables
Introduction
Table 1: Primary Technologies Addressed by This Guide
Table 2: Newsgroups
Fast Track How To Implement the Guidance
Table 1: Network Security Elements
Table 2: Application Vulnerability Categories
Table 3: Security Checklist
Table 4: RACI Chart
Chapter 1: Web Application Security Fundamentals
Table 1.1: Network Component Categories
Table 1.2: Rationale for Host Configuration Categories
Table 1.3: Application Vulnerability Categories
Table 1.4: Summary of Core Security Principles
Chapter 2: Threats and Countermeasures
Table 2.1: STRIDE Threats and Countermeasures
Table 2.2: Threats by Application Vulnerability Category
Chapter 3: Threat Modeling
Table 3.1: Implementation Technologies
Table 3.2: Creating a Security Profile
Table 3.3: Code Injection Attack Pattern
Table 3.4: Threat 1
Table 3.5: Threat 2
Table 3.6: Thread Rating Table
Table 3.7: DREAD rating
Table 3.8: Threat 1
Chapter 4: Design Guidelines for Secure Web Applications
Table 4.1: Web Application Vulnerabilities and Potential Problem Due to Bad Design
Table 4.2: Design Guidelines for Your Application
Chapter 5: Architecture and Design Review for Security
Table 5.1: Common Input Validation Vulnerabilities
Table 5.2: Common Authentication Vulnerabilities
Table 5.3: Common Authorization Vulnerabilities
Table 5.4: Common Configuration Management Vulnerabilities
Table 5.5: Common Vulnerabilities with Handling Sensitive Data
Table 5.6: Common Session Management Vulnerabilities
Table 5.7: Common Cryptography Vulnerabilities
Table 5.8: Common Parameter Manipulation Vulnerabilities
Table 5.9: Common Exception Management Vulnerabilities
Table 5.10: Common Auditing and Logging Vulnerabilities
Chapter 6: .NET Security Overview
Table 6.1: Principal and Identity Objects Per Authentication Type
Table 6.2: Permission Types Within the System.Security.Permissions Namespace
Chapter 7: Building Secure Assemblies
Table 7.1: A Comparison of Strong Names and Authenticode Signatures
Chapter 8: Code Access Security in Practice
Table 8.1: Secure Resources and Associated Permissions
Table 8.2: Privileged Operations and Associated Permissions
Chapter 9: Using Code Access Security with ASP.NET
Table 9.1: Restrictions Imposed by the ASP.NET Trust Levels
Table 9.2: ASP.NET Code Access Security Policy Substitution Parameters
Table 9.3: Default ASP.NET Policy Permissions and Trust Levels
Chapter 10: Building Secure ASP.NET Pages and Controls
Table 10.1: Options for Constraining and Sanitizing Data
Table 10.2: Useful Regular Expression Fields
Chapter 11: Building Secure Serviced Components
Table 11.1: Impersonation Levels
Chapter 12: Building Secure Web Services
Table 12.1: XSD Schema Element Examples
Chapter 14: Building Secure Data Access
Table 14.1: Code Access Security Permissions Required by ADO.NET Data Providers
Chapter 15: Securing Your Network
Table 15.1: Commonly Used ICMP Messages
Table 15.2: Source Addresses That Should be Filtered
Table 15.3: Snapshot of a Secure Network
Chapter 16: Securing Your Web Server
Table 16.1: IIS Installation Defaults
Table 16.2: .NET Framework Installation Defaults
Table 16.3: Password Policy Default and Recommended Settings
Table 16.4: Snapshot of a Secure Web Server
Table 16.5: Security Notification Services
Table 16.6: Industry Security Notification Services
Chapter 17: Securing Your Application Server
Table 17.1: Enterprise Services Components
Table 17.2: .NET Framework Enterprise Services Tools and Configuration Settings
Table 17.3: Enterprise Services Application Authentication Levels
Chapter 18: Securing Your Database Server
Table 18.1: SQL Server Installation Defaults
Table 18.2: Items Not to Install During Custom Installation
Table 18.3: Password Policy Default and Recommended Settings
Table 18.4: NTFS Permissions for SQL Server Service Account
Table 18.5: Snapshot of a Secure Database Server
Table 18.6: Security Notification Services
Table 18.7: Industry Security Notification Services
Chapter 19: Securing Your ASP.NET Application and Web Services
Table 19.1: Configuration File Locations
Table 19.2: Applying Configuration Settings
Table 19.3: Required NTFS Permissions for ASP.NET Process Accounts
Table 19.4: Snapshot of a Secure ASP.NET Application Configuration
Chapter 20: Hosting Multiple Web Applications
Table 20.1: Application Isolation Features for Windows 2000 and Windows Server 2003
Table 20.2: Components of the Windows 2000 ASP.NET Architecture
Table 20.3: Components of the Windows Server 2003 ASP.NET Architecture
Chapter 21: Code Review
Table 21.1: Possible Sources of Input
Table 21.2: Character Representation
Table 21.3: Dangerous Permissions
Chapter 22: Deployment Review
Table 22.1: Source Addresses that Should Be Filtered
How To: Harden the TCP/IP Stack
Table 1: Recommended Values
Table 2: Recommended Values
Table 3: Recommended Values
Table 4: Recommended Values
Table 5: Recommended Values
How To: Secure Your Developer Workstation
Table 6: Configuration: Categories
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
Authors:
Microsoft Corporation