QueryString collection, Web Application Input, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
RangeValidator, Table 7-1: Validator Controls Available for ASP.NET
reboots, unscheduled, Detecting That an Attack Has Taken Place or Is in Progress
reducing the attack surface
locking down platforms, see locking down
Reflection keyword, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
reflection permission, Table 3-2: Permissions for Each Zone, Table 3-4: Permissions for Local Intranet and Trusted Sites Zones
registry
permission to write to, Table 3-2: Permissions for Each Zone
regular expressions
examples, table of, Regular Expressions, Table 7-2: Examples of Regular Expressions
importing class for, Parse Method
path validation with, Enforce Canonical Filenames
RegularExpressionValidator, Table 7-1: Validator Controls Available for ASP.NET, Validation Tools Available to ASP.NET Web Applications, Figure 7-1: The error displayed by the RegularExpressionValidator control
SQL-injection attacks, preventing with, Validate Input Parameters
validation with, Regular Expressions, Table 7-2: Examples of Regular Expressions
RegularExpressionValidator, Table 7-1: Validator Controls Available for ASP.NET, Validation Tools Available to ASP.NET Web Applications, Figure 7-1: The error displayed by the RegularExpressionValidator control
replication of sites by hackers, Take the Attacker’s View
repudiation
defined, Implementing an Audit Trail
repudiation attacks, Table 14-1: STRIDE Threat Categories, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them
Request object
validating input, Web Application Input, Don’t Rely on Data Sent to the Client
Request.Form warnings, Cross-Site Scripting Attacks
RequiredFieldValidator, Table 7-1: Validator Controls Available for ASP.NET
requirements
inherently insecure goals, Design Challenges
resource starvation attacks, Table 6-1: Forms of DoS Attacks, Table 6-2: DoS Defensive Techniques, Defending Against Memory and Resource DoS Attacks
resources
exceptions caused by lack of, Where Exceptions Occur
stress testing, Stress Testing
responding to attacks, Respond to an Attack, Prepare for a Response
response plans for attacks, Prepare for a Response
reverse-engineering tools, Table 9-3: Test Tools
RmDir keyword, Table 15-1: Visual Basic .NET Keywords to Look For (continued)
role-based security, Chapter 2: Role-Based Authorization
Active Directory searches, Searching Active Directory, Windows Integrated Security
Active Directory, advantages of, Role-Based Authorization in the Real World
anonymous users, ASP.NET Authentication and Authorization
ASP.NET authorization, ASP.NET Authentication and Authorization
assigning roles, Role-Based Authorization Exercise
authenticated users, denying access to, ASP.NET Authentication and Authorization
authentication, Chapter 2: Role-Based Authorization
code-access security, compared to, Code-Access Security vs. Application Role-Based Security
database structure, sample, Role-Based Authorization Exercise
database-based system advantages, Role-Based Authorization in the Real World
directories, restricting access to, ASP.NET Authentication and Authorization
disabling functionality, Role-Based Authorization Exercise
dividing areas of responsibility, Chapter 2: Role-Based Authorization
FormsIdentity objects, The Identity and Principal Objects, Chapter 2: Role-Based Authorization
functions, sample, Role-Based Security
GenericIdentity objects, The Identity and Principal Objects, Chapter 2: Role-Based Authorization, Role-Based Authorization Exercise
GenericPrincipal objects, Chapter 2: Role-Based Authorization, Role-Based Authorization Exercise
goals of, Chapter 2: Role-Based Authorization
group names, Windows Integrated Security
groups for, Role-Based Authorization in the Real World
Identity, Chapter 2: Role-Based Authorization
loading roles from databases, Role-Based Authorization Exercise
Name property, The Identity and Principal Objects
PassportIdentity objects, The Identity and Principal Objects, Chapter 2: Role-Based Authorization
preemption by code-access security, Code-Access Security Preempts Application Role-Based Security
Principal, Chapter 2: Role-Based Authorization
principle of least privilege, Chapter 2: Role-Based Authorization
purpose of, Chapter 2: Role-Based Authorization
real-world problems, Role-Based Authorization in the Real World
sample roles, Chapter 2: Role-Based Authorization
tables holding assignments, Role-Based Authorization Exercise
user interfaces with, Role-Based Authorization Exercise
Windows integrated security for, Windows Integrated Security
WindowsIdentity objects, The Identity and Principal Objects, Chapter 2: Role-Based Authorization
WindowsPrincipal objects, Chapter 2: Role-Based Authorization
RoleBasedSecurity.vb
functions of, Appendix B: Contents of SecurityLibrary.vb, Validating Input
roles
purpose of, Chapter 2: Role-Based Authorization
samples of, Chapter 2: Role-Based Authorization
using, see role-based security
root directory, finding in attacks, File-Based or Directory-Based Attacks
row level authorization, SQL Server Authorization
RSA
defined, Public Key Encryption
functions for, creating, Public Key Encryption