D

Dashboard sample form, Employee Management System
data authentication, Privacy vs. Security
Data Encryption Standard, Private Key Encryption (see )
data or input tampering attacks, Mitigating Threats
databases, Practice Files, Public Key Encryption, SQL-Injection Attacks, Create a Blueprint of Your Application, Securing Databases, Securing Databases, Securing Databases, Securing Databases, Securing Databases, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, Determining Who Is Logged On, Determining Who Is Logged On, SQL Server Authorization, SQL Server Authorization, SQL Server Authorization, SQL Server Authorization, SQL Server Authorization, Microsoft Access User-Level Security Models, Microsoft Access User-Level Security Models, Locking Down SQL Server, Step 1: Believe You Will Be Attacked, Detection, Future Trends
Access authentication, SQL Server Authorization
Access, Microsoft, SQL Server Authorization (see )
administrating accounts, SQL Server Authentication
authentication, Securing Databases
authorization, Securing Databases, Determining Who Is Logged On, Microsoft Access User-Level Security Models
blank password problem, SQL Server Authentication
column-level authorization, SQL Server Authorization
importance of, Securing Databases
locking down, Securing Databases
logons, setting up, SQL Server Authentication
Mixed Mode authentication, SQL Server Authentication
permissions for, Microsoft Access User-Level Security Models
privilege assignment, Determining Who Is Logged On
removing unencrypted fields, Public Key Encryption
row-level authorization, SQL Server Authorization
sample for exercises, Practice Files
single authentication method, SQL Server Authentication
SQL, Locking Down SQL Server (see )
SQL authentication, Securing Databases (see )
SQL injection, SQL-Injection Attacks (see )
SQL Slammer worm, Step 1: Believe You Will Be Attacked, Detection, Future Trends
table-level authorization, SQL Server Authorization
testing security of, Create a Blueprint of Your Application
Windows Authentication, changing to, SQL Server Authentication
dates, validating, General Language Validation Tools
debugging features, Testing Approaches
Declare keyword, Review Code for Threats
decompiling, Deploy .NET Enterprise Security Policy Updates
decomposing, Plan of Attack—The Test Plan
decryption, Encryption, Encryption, Private Key Encryption
(see also )
defined, Encryption
private key, Private Key Encryption
default behavior, Step 5: Threat-Model the Vulnerabilities
default installations, lack of security of, Locking Down Windows, Internet Information Services, and .NET
delay signing, Strong Naming, Certificates, and Signing Exercise
Delete keyword, Review Code for Threats
Demands, How Actions Are Considered Safe or Unsafe, It’s On By Default
demilitarized zones (DMZs), Step 4: Design a Secure Architecture
denial of service (DoS) attacks, Code-Access Security, Application Attacks and How to Avoid Them, Application Attacks and How to Avoid Them, Application Attacks and How to Avoid Them, Application Attacks and How to Avoid Them, Application Attacks and How to Avoid Them, Application Attacks and How to Avoid Them, Application Attacks and How to Avoid Them, Denial of Service Attacks, Denial of Service Attacks, Denial of Service Attacks, Denial of Service Attacks, Defensive Techniques for DoS Attacks, Defensive Techniques for DoS Attacks, Defensive Techniques for DoS Attacks, Defensive Techniques for DoS Attacks, Defending Against Memory and Resource DoS Attacks, SQL-Injection Attacks, Stress Testing, Mitigating Threats, Cyber-Terrorism
.NET vulnerability to, Application Attacks and How to Avoid Them
application crash form, Application Attacks and How to Avoid Them, Defensive Techniques for DoS Attacks
CPU starvation attacks, Application Attacks and How to Avoid Them, Defensive Techniques for DoS Attacks
defending against, Denial of Service Attacks
defined, Code-Access Security, Application Attacks and How to Avoid Them
forms of, Application Attacks and How to Avoid Them
input, limiting, Defending Against Memory and Resource DoS Attacks
memory starvation form, Application Attacks and How to Avoid Them, Defensive Techniques for DoS Attacks
mitigation techniques for, Mitigating Threats
network bandwidth starvation form, Denial of Service Attacks
on domain-name servers, Cyber-Terrorism
requests, limiting, Denial of Service Attacks
resource starvation form, Application Attacks and How to Avoid Them, Defensive Techniques for DoS Attacks
SQL-injection for, SQL-Injection Attacks
stress testing to prevent, Stress Testing
system crash form, Denial of Service Attacks
deployment, Ensuring That Your Code Will Run Safely, Securing Your Application for Deployment, Securing Your Application for Deployment, Securing Your Application for Deployment, XCopy Deployment, XCopy Deployment, Windows Installer Deployment, Windows Installer Deployment, Windows Installer Deployment, Windows Installer Deployment, Cabinet-File Deployment, Cabinet-File Deployment, Cabinet-File Deployment, Cabinet-File Deployment, Cabinet-File Deployment, Deploy and Run Your Application in the .NET Security Sandbox, Deploy and Run Your Application in the .NET Security Sandbox, Deploy and Run Your Application in the .NET Security Sandbox, Obtain an X.509 Certificate from a Certificate Authority, Authenticode Signing, When to Use Authenticode Signing, Strong-Named Visual Basic .NET .DLLs and Partial Trust, Should You Authenticode-Sign and Strong-Name Your Application?, Should You Authenticode-Sign and Strong-Name Your Application?, Strong Naming, Certificates, and Signing Exercise, Strong Naming, Certificates, and Signing Exercise, Strong Naming, Certificates, and Signing Exercise, Strong Naming, Certificates, and Signing Exercise, Deploying .NET Security Policy Updates, Deploy .NET Enterprise Security Policy Updates, Deploy .NET Enterprise Security Policy Updates, Deploy .NET Enterprise Security Policy Updates, Obscurity <> Security, Deployment Checklist, Step 10: Design for Maintenance, Prepare for a Response
.MSI deployment packages, Deploy .NET Enterprise Security Policy Updates
.NET Framework Configuration tool, Deploy .NET Enterprise Security Policy Updates
.NET security policy updates, Deploying .NET Security Policy Updates
ActiveX components, Windows Installer Deployment
ASP.NET Web server applications, Should You Authenticode-Sign and Strong-Name Your Application?
Authenticode signing, Obtain an X.509 Certificate from a Certificate Authority
cabinet files, Windows Installer Deployment, Cabinet-File Deployment
certificates, Authenticode Signing (see )
checklist for, Obscurity <> Security
code-access security, Ensuring That Your Code Will Run Safely, Windows Installer Deployment, Cabinet-File Deployment
delay signing, Strong Naming, Certificates, and Signing Exercise
fixes for attacks, Prepare for a Response
Internet distribution, advantages of, Deploy and Run Your Application in the .NET Security Sandbox
measures to secure, list of, Securing Your Application for Deployment
methods of, Securing Your Application for Deployment
no-touch, XCopy Deployment, Cabinet-File Deployment, Deploy and Run Your Application in the .NET Security Sandbox, When to Use Authenticode Signing, Step 10: Design for Maintenance
obfuscating code, Deploy .NET Enterprise Security Policy Updates
packaging costs, Deploy and Run Your Application in the .NET Security Sandbox
real-world considerations, Deployment Checklist
sample application, Should You Authenticode-Sign and Strong-Name Your Application?
setup packages, signing, Strong Naming, Certificates, and Signing Exercise
strong names, Strong-Named Visual Basic .NET .DLLs and Partial Trust (see )
timestamp services, Strong Naming, Certificates, and Signing Exercise
user options, allowing, Windows Installer Deployment
viewing certificates, Strong Naming, Certificates, and Signing Exercise
Windows Installer, XCopy Deployment, Cabinet-File Deployment
XCopy for, Securing Your Application for Deployment, Cabinet-File Deployment
Deployment Wizard, Microsoft Visual Studio .NET, XCopy Deployment
DES, Private Key Encryption (see )
design steps, Ten Steps to Designing a Secure Enterprise System, Ten Steps to Designing a Secure Enterprise System, Ten Steps to Designing a Secure Enterprise System, Design Challenges, Design Challenges, Step 1: Believe You Will Be Attacked, Step 2: Design and Implement Security at the Beginning, Step 2: Design and Implement Security at the Beginning, Step 2: Design and Implement Security at the Beginning, Step 4: Design a Secure Architecture, Named-Pipes vs. TCP-IP, Named-Pipes vs. TCP-IP, Step 5: Threat-Model the Vulnerabilities, Step 5: Threat-Model the Vulnerabilities, Step 5: Threat-Model the Vulnerabilities, Step 8: No Back Doors, Step 8: No Back Doors, Step 10: Design for Maintenance, Step 10: Design for Maintenance, Analyze for Threats and Vulnerabilities
architectural security, Step 2: Design and Implement Security at the Beginning
back doors, eliminating, Step 8: No Back Doors
beginning with security, Step 1: Believe You Will Be Attacked
believing attacks will come, Design Challenges
challenges to, Ten Steps to Designing a Secure Enterprise System
firewalls, Step 8: No Back Doors
level of security, picking, Step 2: Design and Implement Security at the Beginning
maintenance considerations, Step 10: Design for Maintenance
minimum security measures in architecture, Named-Pipes vs. TCP-IP
missteps, Ten Steps to Designing a Secure Enterprise System
modeling vulnerabilities, Named-Pipes vs. TCP-IP
named-pipes vs. TCP/IP, Step 4: Design a Secure Architecture
off switches, Step 10: Design for Maintenance
overview, Ten Steps to Designing a Secure Enterprise System
serious attitude development, Design Challenges
simplicity, Step 5: Threat-Model the Vulnerabilities
team education, Step 2: Design and Implement Security at the Beginning
threat analysis, Analyze for Threats and Vulnerabilities
usability, Step 5: Threat-Model the Vulnerabilities
Windows OS security features, Step 5: Threat-Model the Vulnerabilities
detecting attacks, Detection, Detection, Early Detection, Early Detection, Early Detection, Early Detection, Early Detection, Detecting That an Attack Has Taken Place or Is in Progress, Detecting That an Attack Has Taken Place or Is in Progress, Detecting That an Attack Has Taken Place or Is in Progress, Detecting That an Attack Has Taken Place or Is in Progress, Detecting That an Attack Has Taken Place or Is in Progress, Detecting That an Attack Has Taken Place or Is in Progress, Detecting That an Attack Has Taken Place or Is in Progress, Determining Whether to Trust Your Detection Mechanisms, Determining Whether to Trust Your Detection Mechanisms, Determining Whether to Trust Your Detection Mechanisms, Determining Whether to Trust Your Detection Mechanisms, Prepare for a Response
anomaly detection, Detecting That an Attack Has Taken Place or Is in Progress
confidence in, Determining Whether to Trust Your Detection Mechanisms
early detection, Detection
exception handlers, Detecting That an Attack Has Taken Place or Is in Progress
feedback to users, Early Detection
following the attack, Early Detection
hardware inventories, Detecting That an Attack Has Taken Place or Is in Progress
human factors, Determining Whether to Trust Your Detection Mechanisms
IDSs for, Detecting That an Attack Has Taken Place or Is in Progress
in-progress, Early Detection
logging activity, Early Detection, Detecting That an Attack Has Taken Place or Is in Progress
monitoring news groups, Early Detection
overview of, Detection
real-world considerations, Prepare for a Response
reboots, unscheduled, Detecting That an Attack Has Taken Place or Is in Progress
redundancy, Determining Whether to Trust Your Detection Mechanisms
signature detection, Detecting That an Attack Has Taken Place or Is in Progress
snapshots of data, Determining Whether to Trust Your Detection Mechanisms
deterrence, Threats—Analyze, Prevent, Detect, and Respond
development team, education of, Step 2: Design and Implement Security at the Beginning
device names, use in attacks, Enforce Canonical Filenames
digital certificates, Secure Sockets Layer, Secure Sockets Layer, How SSL Works, How SSL Works, How SSL Works, How SSL Works, How SSL Works, How SSL Works, Deploy and Run Your Application in the .NET Security Sandbox, Digital Certificates, Obtain an X.509 Certificate from a Certificate Authority, Obtain an X.509 Certificate from a Certificate Authority, Obtain an X.509 Certificate from a Certificate Authority, Obtain an X.509 Certificate from a Certificate Authority, Authenticode Signing, When to Use Authenticode Signing, Strong-Named Visual Basic .NET .DLLs and Partial Trust, Should You Authenticode-Sign and Strong-Name Your Application?, Strong Naming, Certificates, and Signing Exercise, Strong Naming, Certificates, and Signing Exercise, Strong Naming, Certificates, and Signing Exercise, Strong Naming, Certificates, and Signing Exercise, Strong Naming, Certificates, and Signing Exercise, Update .NET Enterprise Security Policy, Update .NET Enterprise Security Policy
application integrity assurance, Authenticode Signing
Authenticode signing, Obtain an X.509 Certificate from a Certificate Authority
CSRs, How SSL Works
defined, Secure Sockets Layer
hash value security policy attribute, Update .NET Enterprise Security Policy
installing, How SSL Works
private keys for, Obtain an X.509 Certificate from a Certificate Authority
publisher identity, Obtain an X.509 Certificate from a Certificate Authority, Update .NET Enterprise Security Policy
purpose of, Deploy and Run Your Application in the .NET Security Sandbox
root certificates, How SSL Works
sample application, Should You Authenticode-Sign and Strong-Name Your Application?
setup packages, Strong Naming, Certificates, and Signing Exercise
signatures, checking, When to Use Authenticode Signing
Software Publisher Certificates, Obtain an X.509 Certificate from a Certificate Authority, Strong Naming, Certificates, and Signing Exercise
SSL, Secure Sockets Layer
strong names, Strong-Named Visual Basic .NET .DLLs and Partial Trust (see )
test certificates, How SSL Works, Strong Naming, Certificates, and Signing Exercise
timestamp services, Strong Naming, Certificates, and Signing Exercise
validity of, How SSL Works
VeriSign, obtaining from, How SSL Works
viewing, Strong Naming, Certificates, and Signing Exercise
X.509, Digital Certificates
Dir keyword, Review Code for Threats
direct user input, Validating Input
directories, Keeping Private Keys Safe, Windows Integrated Security, Windows Integrated Security, Role-Based Authorization in the Real World, Security Zones and Permissions, Security Zones and Permissions, Defending Against Memory and Resource DoS Attacks, Defending Against Memory and Resource DoS Attacks
Active Directory, Windows Integrated Security, Role-Based Authorization in the Real World, Security Zones and Permissions
directory-based attacks, Defending Against Memory and Resource DoS Attacks
DirectoryServicesPermission, Security Zones and Permissions
restricting access to, Windows Integrated Security
root, hackers finding, Defending Against Memory and Resource DoS Attacks
security for private key encryption, Keeping Private Keys Safe
disabling auto logon, Automated Tools
disassembling code, Create a Blueprint of Your Application
disk space attacks, Application Attacks and How to Avoid Them (see )
distributed architecture recommended, Step 2: Design and Implement Security at the Beginning
DLLs (dynamic-link libraries), Create Scenarios Based on Inroads for Attack, Strong Names vs. Weak Names
DMZs (demilitarized zones), Step 4: Design a Secure Architecture
DNS permission, Security Zones and Permissions, Security Zones and Permissions
documentation, Prioritize Analysis Based on the Function of Each Component, Respond to Threats
domain controllers, Implement BIOS Password Protection
domain-name system root servers, Cyber-Terrorism
DoS attacks, Defensive Techniques for DoS Attacks (see )
Dotfuscator, Deploy .NET Enterprise Security Policy Updates
DPAPI encryption, functions, sample, Contents of SecurityLibrary.vb
drives, physical, "I’m Already Protected. I’m Using a Firewall.", Automated Tools, Automated Tools, Enable Auditing
FAT file system, "I’m Already Protected. I’m Using a Firewall.", Automated Tools
NTFS formatting, Automated Tools
sharing, locking down, Enable Auditing
DumpBin, Testing Tools
dynamic loading, attacks against, Use Server.HtmlEncode and Server.UrlEncode