C

cabinet (.CAB) files, Windows Installer Deployment, Cabinet-File Deployment, Deploy and Run Your Application in the .NET Security Sandbox

overview, Windows Installer Deployment

sandbox with, Deploy and Run Your Application in the .NET Security Sandbox

when to use, Cabinet-File Deployment

canonical filenames, File-Based or Directory-Based Attacks

CAS, Security Zones and Permissions (see )

casing, Direct User Input

CERT Web site, The Arms Race of Hacking

certificate authorities, How SSL Works, Obtain an X.509 Certificate from a Certificate Authority

certificates, Authenticode Signing (see )

challenges to designing security, Ten Steps to Designing a Secure Enterprise System

CharacterCasing property of TextBox, Direct User Input

ChDir keyword, Review Code for Threats

ChDrive keyword, Review Code for Threats

child-applications attacks, Use Server.HtmlEncode and Server.UrlEncode

cipher text, Encryption

class library zone assignments, How Visual Basic .NET Determines Zone

client-server applications, Hash Digests, Automated Tools, Automated Tools, Automated Tools, Automated Tools, Automated Tools, Enable Auditing, Enable Auditing, Enable Auditing, Turn Off Unnecessary Sharing, Turn Off Unnecessary Sharing, Turn Off Unnecessary Sharing, Implement BIOS Password Protection, Step 4: Design a Secure Architecture

architecture recommended, Step 4: Design a Secure Architecture

auditing, enabling, Enable Auditing

BIOS passwords, Turn Off Unnecessary Sharing

disabling auto logon, Automated Tools

file-sharing software, Turn Off Unnecessary Sharing

floppy drives, disabling booting from, Implement BIOS Password Protection

locking down, Automated Tools

MBSA with, Automated Tools

NTFS recommended, Automated Tools

screen saver passwords, Turn Off Unnecessary Sharing

sharing, turning off, Enable Auditing

spoofing hashes, Hash Digests

turning off services, Enable Auditing

Windows clients, Automated Tools

clsEmployee sample class, Employee Management System

Cobalt server appliance vulnerabilities, The Arms Race of Hacking

code, Security Zones and Permissions, Deploy .NET Enterprise Security Policy Updates, Microsoft Initiatives

access, Security Zones and Permissions (see )

managed, Microsoft Initiatives

obfuscating, Deploy .NET Enterprise Security Policy Updates

code samples, EmployeeManagementWeb Practice Files, Guide to the Code Samples, Guide to the Code Samples, Guide to the Code Samples, Guide to the Code Samples, Guide to the Code Samples, Employee Management System, Employee Management System, Employee Management System, Encryption Demo, Contents of SecurityLibrary.vb

.aspx sample, Employee Management System

DPAPI, Contents of SecurityLibrary.vb

EmployeeDatabase.mdb, Guide to the Code Samples

EmployeeManagementWeb, EmployeeManagementWeb Practice Files, Employee Management System

EMS, Employee Management System (see )

encryption demo, Guide to the Code Samples

practice files for chapters, Guide to the Code Samples

TogglePassportEnvironment utility, Guide to the Code Samples, Encryption Demo

Web site for, Guide to the Code Samples

code-access security, Code-Access Security, Code-Access Security, Code-Access Security, Code-Access Security, Code-Access Security, Code-Access Security, Code-Access Security, Code-Access Security, Code-Access Security, Code-Access Security, Code-Access Security, How Actions Are Considered Safe or Unsafe, How Actions Are Considered Safe or Unsafe, How Actions Are Considered Safe or Unsafe, How Actions Are Considered Safe or Unsafe, How Actions Are Considered Safe or Unsafe, It’s On By Default, It’s On By Default, It’s On By Default, Code-Access Security vs. Application Role-Based Security, Code-Access Security vs. Application Role-Based Security, Code-Access Security Preempts Application Role-Based Security, Code-Access Security Preempts Application Role-Based Security, Code-Access Security Preempts Application Role-Based Security, Run Your Code in Different Security Zones, Run Your Code in Different Security Zones, What Code-Access Security Is Meant To Protect, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Permissions, Security Zones and Permissions, How Visual Basic .NET Determines Zone, Ensuring That Your Code Will Run Safely, Ensuring That Your Code Will Run Safely, Ensuring That Your Code Will Run Safely, Ensuring That Your Code Will Run Safely, Ensuring That Your Code Will Run Safely, Ensuring That Your Code Will Run Safely, Ensuring That Your Code Will Run Safely, Code-Access Security in the Real World, Windows Installer Deployment, Cabinet-File Deployment, Deploy and Run Your Application in the .NET Security Sandbox, Deploy and Run Your Application in the .NET Security Sandbox

chained calls, Security Zones and Permissions

components, restricting, Code-Access Security

cooperating with system, Ensuring That Your Code Will Run Safely

defaults, How Actions Are Considered Safe or Unsafe

defined, Code-Access Security

Demands, How Actions Are Considered Safe or Unsafe, It’s On By Default

deployment, Ensuring That Your Code Will Run Safely, Windows Installer Deployment, Cabinet-File Deployment

digital signatures, Ensuring That Your Code Will Run Safely

evidence, Code-Access Security, Security Zones and Trust Levels

file access sample, Code-Access Security Preempts Application Role-Based Security

functions blocked by default, How Actions Are Considered Safe or Unsafe

goals of, Code-Access Security, What Code-Access Security Is Meant To Protect

highly-trusted applications, Code-Access Security

highly-untrusted applications, Code-Access Security

Internet Explorer zones, Security Zones and Trust Levels

Internet warning, How Actions Are Considered Safe or Unsafe

isolated storage, Ensuring That Your Code Will Run Safely

loading options for applications, Ensuring That Your Code Will Run Safely

location factor, Code-Access Security

luring attacks, Security Zones and Permissions

modifying policy, Ensuring That Your Code Will Run Safely

network share file access, Run Your Code in Different Security Zones

next generation applications, Code-Access Security in the Real World

OS restrictions, Code-Access Security Preempts Application Role-Based Security

permission types, Code-Access Security

preemption of roles, Code-Access Security vs. Application Role-Based Security

preventing execution, means of, How Actions Are Considered Safe or Unsafe

purpose of, Code-Access Security

role-based security, compared to, Code-Access Security vs. Application Role-Based Security

safe vs. unsafe actions, Code-Access Security

sandboxes, Deploy and Run Your Application in the .NET Security Sandbox

security zones, Security Zones and Trust Levels

SecurityException, Run Your Code in Different Security Zones

settings, storing, Ensuring That Your Code Will Run Safely

single computer, applications on, Code-Access Security Preempts Application Role-Based Security

system components, It’s On By Default

tactics for critical operations, How Visual Basic .NET Determines Zone

trust, Code-Access Security, Security Zones and Trust Levels

unexpected results from, It’s On By Default

Windows Installer for permissions with, Deploy and Run Your Application in the .NET Security Sandbox

collisions, Hash Digests

column level authorization, SQL Server Authorization

COM interop–based exceptions, Global Exception Handlers

commenting in code, Respond to Threats

CompareValidator, Validation Tools Available to ASP.NET Web Applications

components, Code-Access Security, Security Zones and Permissions, Prioritize Analysis Based on the Function of Each Component

access, restricting, Code-Access Security

code security of, Security Zones and Permissions (see )

diagramming for threat analysis, Prioritize Analysis Based on the Function of Each Component

conflicts, multiuser, Handling Exceptions

constants, viewing, Create a Blueprint of Your Application

control systems, Securing Web Applications

controls, validating input of, Validation Tools Available to ASP.NET Web Applications

cookies, Forms Authentication, Forms Authentication, Parse Method, Testing Tools, Draw Architectural Sketch and Review for Threats, Prioritize Threats

attacks with, Draw Architectural Sketch and Review for Threats, Prioritize Threats

Cookie Pal, Testing Tools

Cookies collection, Parse Method

Forms authentication generated, Forms Authentication, Forms Authentication

costs, increasing, trend of, What Happens Next?

CPU starvation attacks, Application Attacks and How to Avoid Them, Defensive Techniques for DoS Attacks

crashes, Application Attacks and How to Avoid Them, Where Exceptions Occur

DoS attacks creating, Application Attacks and How to Avoid Them

exceptions caused by, Where Exceptions Occur

Create keyword, Review Code for Threats

credit cards, Securing Web Applications in the Real World

cross-site scripting attacks, Cross-Site Scripting Attacks, Cross-Site Scripting Attacks, Cross-Site Scripting Attacks, Cross-Site Scripting Attacks, Cross-Site Scripting Attacks, Cross-Site Scripting Attacks, Cross-Site Scripting Attacks, When HTML Script Injection Becomes a Problem, When HTML Script Injection Becomes a Problem, When HTML Script Injection Becomes a Problem, When HTML Script Injection Becomes a Problem, Use Server.HtmlEncode and Server.UrlEncode, Use Server.HtmlEncode and Server.UrlEncode, Use Server.HtmlEncode and Server.UrlEncode, Use Server.HtmlEncode and Server.UrlEncode, Use Server.HtmlEncode and Server.UrlEncode, Use Server.HtmlEncode and Server.UrlEncode, Create a Blueprint of Your Application

dangerous HTML scripts, Cross-Site Scripting Attacks

defensive techniques, When HTML Script Injection Becomes a Problem

defined, Cross-Site Scripting Attacks

escape sequences, Use Server.HtmlEncode and Server.UrlEncode

HTML entities, Use Server.HtmlEncode and Server.UrlEncode

HTML link creation for, When HTML Script Injection Becomes a Problem

input length checks, Use Server.HtmlEncode and Server.UrlEncode

inserting false logon pages, When HTML Script Injection Becomes a Problem

problems with HTML, Cross-Site Scripting Attacks

Request.QueryString, Use Server.HtmlEncode and Server.UrlEncode

Server.HtmlEncode, When HTML Script Injection Becomes a Problem

Server.UrlEncode, Use Server.HtmlEncode and Server.UrlEncode

testing against, Create a Blueprint of Your Application

turning off Request object validation, Cross-Site Scripting Attacks

ValidateRequest attribute, Cross-Site Scripting Attacks, Use Server.HtmlEncode and Server.UrlEncode

VB .NET 2003 protection from, Cross-Site Scripting Attacks

vulnerable application example, Cross-Site Scripting Attacks

CSRs (certificate signing requests), How SSL Works

currency validation, Parse Method

CustomValidator, Validation Tools Available to ASP.NET Web Applications

cyber-terrorism, The Arms Race of Hacking