hacking the code asp web application security cookbook外语英文电子书

《hacking the code asp web application security cookbook外语英文电子书》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、MoreFreeEbook:http://www.latestebook.comHackingtheCode:ASP.NETWebApplicationSecurityby MarkM.Burnett and JamesC.FosterISBN:1932266658SyngressPublishing©2004Thisuniquebookwalksyouthroughthemanythreatstoyourwebapplicationcode,frommanagingandauthorizingusersandencryptingprivatedatatof

2、ilteringuserinputandsecuringXML.TableofContentsHackingtheCodeASP.NETWebApplicationSecurityChapter1-ManagingUsersChapter2-AuthenticatingandAuthorizingUsersChapter3-ManagingSessionsChapter4-EncryptingPrivateDataChapter5-FilteringUserInputChapter6-AccessingDataChapter7-DevelopingSecur

3、eASP.NETApplicationsChapter8-SecuringXMLAppendixA-Understanding.NETSecurityAppendixB-GlossaryofWebApplicationSecurityThreatsIndexListofFiguresListofTablesListofSidebarsMoreFreeEbook:http://www.latestebook.comMoreFreeEbook:http://www.latestebook.comBackCoverThisuniquebookwalksyouthr

4、oughthemanythreatstoyourwebapplicationcode,frommanagingandauthorizingusersandencryptingprivatedatatofilteringuserinputandsecuringXML.Foreverydefinedthreat,itprovidesamenuofsolutionsandcodingconsiderations.And,itofferscodingexamplesandasetofsecuritypoliciesforeachofthecorrespondingt

5、hreats.Knowthethreatstoyourapplications:Developsecurepasswordpoliciesandsecurelymanageuserpasswordsinyourwebapplication.Establishasecureprocedureforresettinglostorforgottenpasswordsanddiscoverhowtoproperlyusesecretquestionsinthatprocess.Securelyauthenticateandauthorizeusers,takinga

6、dvantageoftheadvancedcapabilitiesinASP.NET.Limitexposuretocredentialharvestingandbruteforcepasswordattacks.Securelymanageusersessionsandlearnhowtocreatestronguserauthenticationtokens.Workwiththebuilt-instateprovidersandsecurelyimplementviewstateinyourforms.Makesenseoftheextensiveen

7、cryptionfeaturesinASP.NETandemploysymmetricandasymmetricencryptionforsensitivedata.Properlyencryptandstoresecretstotheregistry,afile,ortheprotectedstore.FilteruserinputtopreventfromSQLinjection,directorytraversal,cross-sitescriptingandotherapplication-levelattacks.Applytechniquessu

8、chaspatternmatchinganddata