Hacking the Code: ASP.NET Web Application Security

Editorial Reviews
Book Description
More of a programmer's guide than a security guide, Hacking the Code explains how certain code can be attacked, shows how you should edit the code, and offers case studies and examples for doing so. The book establishes policies for object input, and shows how to audit existing code for potential security problems.

People constantly ask security expert Mark Burnett for a guide to writing secure code. They don't want a course on security; they want to fix their code. This book is a practical guide on how to maintain session state, how to properly handle cookies, how to get user input, and more. Instead of just telling you how to do it, Burnett shows actual code that can be dropped right into your applications. This book covers almost all security issues known. Burnett has put hundreds of hours of research into his code audit database and is now making that available to you.

From the Publisher
Are Your Web Applications Really Secure? This unique book walks you through the many threats to your web application code, from managing and authorizing users and encrypting private data to filtering user input and securing XML. For every defined threat, it provides a menu of solutions and coding considerations. And, it offers coding examples and a set of security policies for each of the corresponding threats.

Know the threats to your applications:

* Develop secure password policies and learn how to securely manage user passwords in your web application.

* Establish a secure procedure for resetting lost or forgotten passwords and discover how to properly use secret questions in that process.

* Securely authenticate and authorize users, taking advantage of the advanced capabilities in ASP.NET.

* Limit exposure to credential harvesting and brute force password attacks.

* Securely manage user sessions and learn how to create strong user authentication tokens.

* Work with the built-in state providers and securely implement view state in your forms.

* Make sense of the extensive encryption features in ASP.NET and employ symmetric and asymmetric encryption for sensitive data.

* Properly encrypt and store secrets to the registry, a file, or the protected store.

* Filter user input to prevent SQL injection, directory traversal, cross-site scripting and other application-level attacks.

* Apply techniques such as pattern matching and data reflecting to control exposure to malicious input attacks.

* Configure honey drops to detect attacks on your web application.

* Configure IIS and ASP.NET to constrain buffer overflow, denial of service, and other attacks.

* Write secure database access code.

* Secure databases and database drivers.

* Construct secure HTML markup to limit exposure to cross-site scripting and cross-site request forgery attacks.

* Use structured error handling to prevent failure conditions that open holes or reveal sensitive information.

* Integrate XML encryption and apply XML digital signatures.

Your Solutions Membership Gives You Access to:

* Comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page

* "From the Author" Forum where the authors post timely updates and links to related sites

* The complete code listings from the book

* These downloadable e-booklets:

  * Stealing The Network: How to Own a Continent: Product of Fate: The Evolution of a Hacker

  * Special Ops: Host and Network Security for Microsoft, Unix, and Oracle: Hacking Custom Web Applications

  * CYA: Securing IIS: Configuring Advanced Web Server Security

  * IT Ethics Handbook: Programmers and Analysts

Hacking the Code: ASP.NET Web Application Security, Mark Burnett, Syngress, 1932266658
