Index

A note on the digital index

A link in an index entry is displayed as the section title in which that entry appears. Because some sections have multiple index markers, it is not unusual for an entry to have several links to the same section. Clicking on any link will take you directly to the place in the text in which the marker appears.

A

access, Windows Integrated Security, Role-Based Authorization in the Real World, Security Zones and Permissions, Security Zones and Permissions, Ensuring That Your Code Will Run Safely, Securing Web Services
code, Security Zones and Permissions (see )
directories, Windows Integrated Security
permission for, Security Zones and Permissions (see )
roles, Role-Based Authorization in the Real World (see )
settings, storing, Ensuring That Your Code Will Run Safely
Web services, Securing Web Services
Access, Microsoft, Practice Files, SQL Server Authorization, Microsoft Access Authentication and Authorization, Microsoft Access Authentication and Authorization, Microsoft Access Authentication and Authorization, Microsoft Access Authentication and Authorization, Microsoft Access User-Level Security Models, Microsoft Access User-Level Security Models, Microsoft Access User-Level Security Models, Microsoft Access User-Level Security Models, Microsoft Access User-Level Security Models, Locking Down Microsoft Access, Locking Down Microsoft Access, Locking Down Microsoft Access, Locking Down Microsoft Access, Guide to the Code Samples
authentication, SQL Server Authorization
authorization, Microsoft Access User-Level Security Models
database sample for exercises, Practice Files
EmployeeDatabase.mdb, Guide to the Code Samples
Full Rights model, Microsoft Access Authentication and Authorization
locking down, Locking Down Microsoft Access
None authentication option, Microsoft Access Authentication and Authorization
Owner-Admin model, Microsoft Access User-Level Security Models
password authentication, Microsoft Access Authentication and Authorization
permissions, Microsoft Access User-Level Security Models
service packs for, Locking Down Microsoft Access
setting up authentication, Microsoft Access User-Level Security Models
user-level security, Microsoft Access Authentication and Authorization
VBA code protection, Locking Down Microsoft Access
Windows NT file protection, Locking Down Microsoft Access
workgroup creation, Microsoft Access User-Level Security Models
accounts, ASP.NET Authentication and Authorization, Forms Authentication, Windows Integrated Security Authentication, SQL-Injection Attacks, Implement BIOS Password Protection, Disable and Delete Unnecessary Accounts, Determining Who Is Logged On, How SQL Server Assigns Privileges, Locking Down Microsoft Access, Locking Down SQL Server
Administrator, Disable and Delete Unnecessary Accounts
Anonymous users, ASP.NET Authentication and Authorization, Forms Authentication, Windows Integrated Security Authentication
disabling, Implement BIOS Password Protection
guest user, Determining Who Is Logged On, How SQL Server Assigns Privileges
sa, SQL-Injection Attacks, Locking Down SQL Server
SQL Server, Locking Down Microsoft Access
Achilles, Testing Tools
ACT (Microsoft Application Center Test), Stress Testing
Active Directory, Windows Integrated Security, Windows Integrated Security, Role-Based Authorization in the Real World, Security Zones and Permissions
advantages for authorization, Role-Based Authorization in the Real World
permissions for, Security Zones and Permissions
referencing services, Windows Integrated Security
searching for roles, Windows Integrated Security
ActiveX, Use Quotes Around All Path Names, Windows Installer Deployment
buffer overrun vulnerability, Use Quotes Around All Path Names
deployment, Windows Installer Deployment
ad hoc testing, Testing Approaches, Writing Self-Testing Code
Administrator accounts, disabling, Disable and Delete Unnecessary Accounts
Aimster, Turn Off Unnecessary Sharing
AllowPartiallyTrustedCallers attribute, It’s On By Default, Strong-Named Visual Basic .NET .DLLs and Partial Trust
Anakrino, Create a Blueprint of Your Application, Testing Tools
analyzing for vulnerabilities, Threats—Analyze, Prevent, Detect, and Respond, Threats—Analyze, Prevent, Detect, and Respond, Analyze for Threats and Vulnerabilities, Identify Threats, Allocate Time
(see also )
identifying threats, Analyze for Threats and Vulnerabilities
methods for avoiding damage, list of, Threats—Analyze, Prevent, Detect, and Respond
overview, Threats—Analyze, Prevent, Detect, and Respond
prioritizing threats, Identify Threats
anomaly detection, Detecting That an Attack Has Taken Place or Is in Progress
anonymity as an issue, What Happens Next?
anonymizer.com, What Happens Next?
Anonymous users, ASP.NET Authentication and Authorization, Forms Authentication, Windows Integrated Security Authentication
anti-replay protection, Privacy vs. Security
antivirus software, Fundamental Lockdown Principles
ANTS, Testing Tools
API functions, Review Code for Threats
Apple OS vulnerabilities, The Arms Race of Hacking
application firewalls, Step 9: Secure the Network with a Firewall
application-level attacks, Defensive Techniques for DoS Attacks, Defending Against Memory and Resource DoS Attacks, Defending Against Memory and Resource DoS Attacks, SQL-Injection Attacks, Cross-Site Scripting Attacks, Cross-Site Scripting Attacks, Use Server.HtmlEncode and Server.UrlEncode, Defensive Technique for Child-Application Attacks, Guarding Against Attacks in the Real World, Future Trends
buffer overruns, Defensive Technique for Child-Application Attacks, Future Trends
child-application attacks, Use Server.HtmlEncode and Server.UrlEncode
cross-site scripting, Cross-Site Scripting Attacks (see )
denial of service, Defensive Techniques for DoS Attacks (see )
directory-based attacks, Defending Against Memory and Resource DoS Attacks
file-based attacks, Defending Against Memory and Resource DoS Attacks
real-world considerations, Guarding Against Attacks in the Real World
SQL-injection, SQL-Injection Attacks (see )
XSS, Cross-Site Scripting Attacks (see )
architecture, Step 2: Design and Implement Security at the Beginning, Step 2: Design and Implement Security at the Beginning, Step 4: Design a Secure Architecture, Named-Pipes vs. TCP-IP, Prioritize Analysis Based on the Function of Each Component
designing secure, Step 2: Design and Implement Security at the Beginning
diagrams for threat analysis, Prioritize Analysis Based on the Function of Each Component
distributed, Step 2: Design and Implement Security at the Beginning
minimum security measures, Named-Pipes vs. TCP-IP
named-pipes vs. TCP-IP, Step 4: Design a Secure Architecture
arms race nature of security, Future Trends, What Happens Next?
ASP.NET, Windows Integrated Security, ASP.NET Authentication and Authorization, ASP.NET Authentication and Authorization, ASP.NET Authentication and Authorization, ASP.NET Authentication and Authorization, How Visual Basic .NET Determines Zone, How Visual Basic .NET Determines Zone, Install the Passport SDK, Cross-Site Scripting Attacks, Validation Tools Available to ASP.NET Web Applications, Parse Method
anonymous users, ASP.NET Authentication and Authorization
authenticated users, ASP.NET Authentication and Authorization
BUILTIN qualifier, ASP.NET Authentication and Authorization
cross-site scripting attack vulnerability, Cross-Site Scripting Attacks
Passport for, Install the Passport SDK (see )
Request object, Parse Method
role-based authorization, Windows Integrated Security
validator controls, Validation Tools Available to ASP.NET Web Applications
Web Forms, How Visual Basic .NET Determines Zone
Web.config file, Authorization section, ASP.NET Authentication and Authorization
zone assignment, How Visual Basic .NET Determines Zone
ASP.NET authentication, ASP.NET Authentication, ASP.NET Authentication, ASP.NET Authentication, ASP.NET Authentication, ASP.NET Authentication, EmployeeManagementWeb Practice Files, Forms Authentication, Forms Authentication, Windows Integrated Security Authentication, Install the Passport SDK, Install the Passport SDK
adding secure areas, Forms Authentication
Anonymous users, denying access to, Forms Authentication
authorization with, ASP.NET Authentication
choosing a method for, Install the Passport SDK
EmployeeManagementWeb sample application, EmployeeManagementWeb Practice Files
Forms authentication, ASP.NET Authentication
None option, ASP.NET Authentication
real-world considerations, Install the Passport SDK
types of, ASP.NET Authentication
Windows integrated security for, ASP.NET Authentication, Windows Integrated Security Authentication
.aspx pages, sample default page, Employee Management System
assemblies, strong vs. weak naming, Strong-Name Signing
Assembly keyword, Review Code for Threats
Assert, It’s On By Default
attack signature detection, Detecting That an Attack Has Taken Place or Is in Progress
attack surface area, Where Exceptions Occur, Remove Samples
defined, Where Exceptions Occur
reducing for platforms, Remove Samples (see )
attacks, Application Attacks and How to Avoid Them, Application Attacks and How to Avoid Them, Application Attacks and How to Avoid Them, Denial of Service Attacks, Denial of Service Attacks, Defensive Techniques for DoS Attacks, Defensive Techniques for DoS Attacks, Defensive Techniques for DoS Attacks, Defensive Techniques for DoS Attacks, Defending Against Memory and Resource DoS Attacks, Defending Against Memory and Resource DoS Attacks, Enforce Canonical Filenames, SQL-Injection Attacks, Cross-Site Scripting Attacks, Cross-Site Scripting Attacks, Use Server.HtmlEncode and Server.UrlEncode, Defensive Technique for Child-Application Attacks, Use Quotes Around All Path Names, Use Quotes Around All Path Names, Guarding Against Attacks in the Real World, Guarding Against Attacks in the Real World, Validating Input, Plan of Attack—The Test Plan, Plan of Attack—The Test Plan, Plan of Attack—The Test Plan, Plan of Attack—The Test Plan, Create a Blueprint of Your Application, Create a Blueprint of Your Application, Create Scenarios Based on Inroads for Attack, Filter and Prioritize Tests for Each Scenario, Testing Tools, Threats—Analyze, Prevent, Detect, and Respond, Prioritize Threats, Mitigating Threats, Detecting That an Attack Has Taken Place or Is in Progress, Determining Whether to Trust Your Detection Mechanisms, Respond to an Attack, Respond to an Attack, Respond to an Attack, Respond to an Attack, Respond to an Attack, Respond to an Attack, Respond to an Attack, Prepare for a Response, Prepare for a Response, Prepare for a Response, Prepare for a Response, Security Threats in the Real World, Future Trends, Cyber-Terrorism, What Happens Next?
(see also )
ActiveX vulnerability, Use Quotes Around All Path Names
advantages of .NET, Guarding Against Attacks in the Real World
assessing damage from, Respond to an Attack
attacker’s view, taking, Plan of Attack—The Test Plan
bandwidth starvation, Denial of Service Attacks
buffer overruns, Defensive Technique for Child-Application Attacks, Future Trends
bypassing UI attacks, Mitigating Threats
child-application attacks, Use Server.HtmlEncode and Server.UrlEncode
code access, Create a Blueprint of Your Application
CPU starvation, Application Attacks and How to Avoid Them, Defensive Techniques for DoS Attacks
creating scenarios based on inroads, Create a Blueprint of Your Application
cross-site scripting, Cross-Site Scripting Attacks (see )
decomposing applications, Plan of Attack—The Test Plan
denial of service, Defensive Techniques for DoS Attacks (see )
deploying fixes for, Prepare for a Response
detecting, Detecting That an Attack Has Taken Place or Is in Progress (see )
detection systems, on, Determining Whether to Trust Your Detection Mechanisms
device names, Enforce Canonical Filenames
directory-based, Defending Against Memory and Resource DoS Attacks
file-based, Defending Against Memory and Resource DoS Attacks
fixes, Respond to an Attack
input-related, Validating Input
inventory of installed components, Plan of Attack—The Test Plan
memory starvation, Application Attacks and How to Avoid Them, Defensive Techniques for DoS Attacks
network hijacking, Testing Tools
planning responses for, Prepare for a Response
preserving evidence of, Respond to an Attack
prioritizing scenarios, Create Scenarios Based on Inroads for Attack
real-world considerations, Guarding Against Attacks in the Real World, Prepare for a Response
resource starvation, Application Attacks and How to Avoid Them, Defensive Techniques for DoS Attacks
responding to, Respond to an Attack
restoring systems after, Respond to an Attack
root cause detection, Respond to an Attack
scenarios, Plan of Attack—The Test Plan (see )
social engineering, Cyber-Terrorism
SQL-injection, SQL-Injection Attacks (see )
steps after detecting, Security Threats in the Real World
steps in securing from, Threats—Analyze, Prevent, Detect, and Respond
stopping damage from, Respond to an Attack
system crash DoS, Denial of Service Attacks
testing to prevent, Filter and Prioritize Tests for Each Scenario (see )
threat mitigation, Prioritize Threats
tools available for, What Happens Next?
user notification of, Prepare for a Response
XSS, Cross-Site Scripting Attacks (see )
attributes, security policy permission, Deploying .NET Security Policy Updates
auditing, Securing Web Services, Enable Auditing, Locking Down SQL Server, Privacy vs. Security, Privacy vs. Security, Privacy vs. Security, Privacy vs. Security
activity types, based on, Privacy vs. Security
Big Brother systems, Privacy vs. Security
enabling, Enable Auditing
importance of, Privacy vs. Security
SQL Server, Locking Down SQL Server
trace-back, Privacy vs. Security
trails, creating, Securing Web Services
authentication, Hiding Unnecessary Information, Role-Based Authorization in the Real World, Role-Based Authorization in the Real World, Forms Authentication, Forms Authentication, Windows Integrated Security Authentication, Install the Passport SDK, Securing Web Services, Digital Certificates, Securing Databases, Securing Databases, SQL Server Authentication, SQL Server Authorization, SQL Server Authorization, Microsoft Access Authentication and Authorization, Privacy vs. Security
ASP.NET, Forms Authentication (see )
database, Securing Databases, SQL Server Authorization
forms, Forms Authentication (see )
Microsoft Access, SQL Server Authorization
Mixed Mode, SQL Server Authentication
Passport, Install the Passport SDK (see )
passwords, encrypted, Hiding Unnecessary Information
privacy issues, Privacy vs. Security
role-based, Role-Based Authorization in the Real World (see )
SQL Server, Securing Databases (see )
user-level security for Access, Microsoft Access Authentication and Authorization
Web services with, Securing Web Services
Windows, Role-Based Authorization in the Real World (see )
Windows integrated security, Windows Integrated Security Authentication
X.509 certificates, Digital Certificates
Authenticode signing, Obtain an X.509 Certificate from a Certificate Authority, Strong-Named Visual Basic .NET .DLLs and Partial Trust, Should You Authenticode-Sign and Strong-Name Your Application?, Strong Naming, Certificates, and Signing Exercise, Strong Naming, Certificates, and Signing Exercise, Strong Naming, Certificates, and Signing Exercise
overview, Obtain an X.509 Certificate from a Certificate Authority
sample application, Should You Authenticode-Sign and Strong-Name Your Application?
setup packages, Strong Naming, Certificates, and Signing Exercise
SignCode.exe, signing with, Strong Naming, Certificates, and Signing Exercise
strong naming, compared to, Strong-Named Visual Basic .NET .DLLs and Partial Trust
timestamp services, Strong Naming, Certificates, and Signing Exercise
authorization, Windows Integrated Security, ASP.NET Authentication and Authorization, Role-Based Authorization in the Real World, Securing Web Services, Securing Databases, SQL Server Authorization, SQL Server Authorization, SQL Server Authorization, SQL Server Authorization, SQL Server Authorization, Microsoft Access User-Level Security Models, Microsoft Access User-Level Security Models, Microsoft Initiatives
ASP.NET-based, Windows Integrated Security
AzMan, Microsoft Initiatives
column level, SQL Server Authorization
databases, Securing Databases, SQL Server Authorization, Microsoft Access User-Level Security Models
Microsoft Access, Microsoft Access User-Level Security Models
real-world problems, ASP.NET Authentication and Authorization
role-based, Role-Based Authorization in the Real World (see )
row level, SQL Server Authorization
SQL Server, SQL Server Authorization
table level, SQL Server Authorization
Web services, for, Securing Web Services
Authorization Manager (AzMan), Microsoft Initiatives
automated unit testing, Testing Approaches, Ad Hoc, or Manual, Testing, Testing Tools
AzMan (Authorization Manager), Microsoft Initiatives