S

sa account, SQL-Injection Attacks, Locking Down SQL Server
sandboxes, Deploy and Run Your Application in the .NET Security Sandbox
scalability, effect on DoS attacks, Mitigating Threats
scenarios, attack, Plan of Attack—The Test Plan, Create a Blueprint of Your Application, Create Scenarios Based on Inroads for Attack, Get Focused—Prioritize Scenarios, Generate Tests
attacker’s view, taking, Plan of Attack—The Test Plan
brainstorming, Plan of Attack—The Test Plan
creating based on inroads, Create a Blueprint of Your Application
defined, Plan of Attack—The Test Plan
generating tests for, Get Focused—Prioritize Scenarios
including all in testing, Get Focused—Prioritize Scenarios
prioritizing, Create Scenarios Based on Inroads for Attack
relevance of tests to, Generate Tests
threat prioritization, Get Focused—Prioritize Scenarios
scoped addresses, The IPv6 Internet Protocol
screen saver passwords, Turn Off Unnecessary Sharing
script kiddies, What Happens Next?
scripts, disabling, Plan of Attack—The Test Plan
Secure Hashing Algorithm, Practice Files (see )
secure sockets layer, How SSL Works (see )
Security Adjustment Wizard, Run Your Code in Different Security Zones
security policy, Ensuring That Your Code Will Run Safely, Deploying .NET Security Policy Updates
changing, Ensuring That Your Code Will Run Safely
updates, Deploying .NET Security Policy Updates
security zones, Run Your Code in Different Security Zones, Security Zones and Trust Levels, Security Zones and Permissions, Local Intranet, Internet, and Trusted Sites Zones, How Visual Basic .NET Determines Zone, Ensuring That Your Code Will Run Safely
ASP.NET, How Visual Basic .NET Determines Zone
code-access permissions granted in, Security Zones and Trust Levels
default trust levels, Security Zones and Trust Levels
determination by .NET, Local Intranet, Internet, and Trusted Sites Zones
Internet, Security Zones and Trust Levels, Security Zones and Permissions
Internet Explorer, Security Zones and Trust Levels
loading options for applications, Ensuring That Your Code Will Run Safely
Local Intranet, Security Zones and Trust Levels, Security Zones and Permissions
My Computer, Security Zones and Trust Levels, Security Zones and Permissions
showing available, Run Your Code in Different Security Zones
symbols for, Security Zones and Trust Levels
trust levels, changing, Security Zones and Permissions
Trusted Sites, Security Zones and Trust Levels, Security Zones and Permissions
Untrusted Sites, Security Zones and Trust Levels, Security Zones and Permissions
Windows Forms assignments, How Visual Basic .NET Determines Zone
SecurityLibrary.vb, Hash Digests, Contents of SecurityLibrary.vb
SecurityPermission, Security Zones and Permissions, Local Intranet, Internet, and Trusted Sites Zones
self-testing code, Testing Approaches
servers, Fundamental Lockdown Principles, Implement BIOS Password Protection, Locking Down .NET, Step 10: Design for Maintenance
locking down, Implement BIOS Password Protection
service packs, Fundamental Lockdown Principles, Locking Down .NET, Step 10: Design for Maintenance
ServerVariables collection, Parse Method
service packs, Fundamental Lockdown Principles, Locking Down .NET, Locking Down Microsoft Access, Step 10: Design for Maintenance
locking down, Fundamental Lockdown Principles, Locking Down .NET
maintaining, Step 10: Design for Maintenance
Microsoft Access, Locking Down Microsoft Access
ServiceControllerPermission, Security Zones and Permissions
SHA-1, Practice Files, Hash Digests, Contents of SecurityLibrary.vb
defined, Practice Files
display format for hashes, Practice Files
function, Contents of SecurityLibrary.vb
function returning, Hash Digests
hash digests, Practice Files
verification, Hash Digests
shares, Run Your Code in Different Security Zones, How Visual Basic .NET Determines Zone, Enable Auditing
file, Enable Auditing
network, Run Your Code in Different Security Zones, How Visual Basic .NET Determines Zone
Shell command, How Actions Are Considered Safe or Unsafe, Use Server.HtmlEncode and Server.UrlEncode, Review Code for Threats
attacks against, Use Server.HtmlEncode and Server.UrlEncode
code-access default, How Actions Are Considered Safe or Unsafe
defined, Review Code for Threats
Show function, How Actions Are Considered Safe or Unsafe
signatures, digital, Authenticode Signing (see )
SignCode.exe, Strong Naming, Certificates, and Signing Exercise
simplicity, Step 5: Threat-Model the Vulnerabilities
Slammer worm, Step 1: Believe You Will Be Attacked, Detection, Future Trends
SMTPSVC service, Enable Auditing
social engineering attacks, Cyber-Terrorism
sockets, Security Zones and Permissions
Software Publisher Certificates, Obtain an X.509 Certificate from a Certificate Authority, Strong Naming, Certificates, and Signing Exercise
source code, attackers accessing, Create a Blueprint of Your Application
spoofing, Hash Digests, Strong-Name Signing, Identify Threats
attacks, Identify Threats
hashes, Hash Digests
strong names to prevent, Strong-Name Signing
SQL Server Authentication, Securing Databases
SQL Server authentication, Securing Databases, SQL Server Authentication, Determining Who Is Logged On, How SQL Server Assigns Privileges
administration considerations, SQL Server Authentication
administrative permission privileges, Determining Who Is Logged On
advantages of Windows Authentication, SQL Server Authentication
blank passwords, SQL Server Authentication
changing Mixed to Windows Authentication, SQL Server Authentication
default users, Determining Who Is Logged On
determining logged-on users, SQL Server Authentication
groups, adding, SQL Server Authentication
guest user, Determining Who Is Logged On, How SQL Server Assigns Privileges
logons, setting up, SQL Server Authentication
mechanisms, Securing Databases
Mixed Mode, SQL Server Authentication
public role, How SQL Server Assigns Privileges
roles, How SQL Server Assigns Privileges
Windows Authorization, SQL Server Authentication
SQL Server authorization, Determining Who Is Logged On
SQL Server Profiler, Testing Tools
SQL Server, Microsoft, SQL-Injection Attacks, Securing Databases, SQL Server Authentication, Determining Who Is Logged On, SQL Server Authorization, Locking Down Microsoft Access, Locking Down SQL Server, Step 4: Design a Secure Architecture, Step 9: Secure the Network with a Firewall, Future Trends, Migrating the Employee Database to SQL Server 2000
access restriction, Locking Down SQL Server
account for running, Locking Down Microsoft Access
attacks, injection, SQL-Injection Attacks (see )
auditing, Locking Down SQL Server
Authentication, Securing Databases (see )
authentication, SQL Server Authentication (see )
authorization, Determining Who Is Logged On
buffer overruns, Future Trends
clustering, Step 4: Design a Secure Architecture
directory access, restricting, Locking Down Microsoft Access
encryption, Locking Down SQL Server
IPSec, Locking Down SQL Server
locking down, Locking Down Microsoft Access
logging, Locking Down SQL Server
named-pipes vs. TCP/IP, Step 4: Design a Secure Architecture
passwords, Locking Down SQL Server
permissions, SQL Server Authorization, Locking Down SQL Server
port, Step 9: Secure the Network with a Firewall
SA account, Locking Down SQL Server
sample database, Migrating the Employee Database to SQL Server 2000
stored procedures for authorization, SQL Server Authorization
stored procedures, adding to, Migrating the Employee Database to SQL Server 2000
system commands, danger of, Locking Down Microsoft Access
xp_cmdshell, Locking Down Microsoft Access
SQL Slammer worm, Step 1: Believe You Will Be Attacked, Detection, Future Trends
SQL-injection attacks, SQL-Injection Attacks, Validate Input Parameters, Use Parameterized Queries, Add a Stored Procedure to Validate the User, Create a Blueprint of Your Application
application execution, SQL-Injection Attacks
defensive techniques, SQL-Injection Attacks
defined, SQL-Injection Attacks
EMS sample defense, Add a Stored Procedure to Validate the User
example, SQL-Injection Attacks
final parameter checks, Add a Stored Procedure to Validate the User
IIS, stopping, SQL-Injection Attacks
input validation, SQL-Injection Attacks
least privilege principle, SQL-Injection Attacks
logon issues, SQL-Injection Attacks
Microsoft Access databases, SQL-Injection Attacks
parameterized query defense, Validate Input Parameters
sa account, SQL-Injection Attacks
stored procedure defense, Use Parameterized Queries
testing against, Create a Blueprint of Your Application
user names, SQL-Injection Attacks
xp_cmdshell command, SQL-Injection Attacks
SqlClientPermission, Security Zones and Permissions
SSL (secure sockets layer), Securing Web Applications, Secure Sockets Layer, How SSL Works, Securing Web Services, Validation Tools Available to ASP.NET Web Applications, Locking Down SQL Server
adding to applications, How SSL Works
advantages, Securing Web Applications
bidirectionality, Secure Sockets Layer
browser support, Secure Sockets Layer
certificates, Secure Sockets Layer
disadvantages, Secure Sockets Layer
ease of implementation, Securing Web Applications
https://, Secure Sockets Layer, How SSL Works
IIS sections, specifying, How SSL Works
methodology, Secure Sockets Layer
Page_Load events, How SSL Works
private key generation, Secure Sockets Layer
purpose, Securing Web Applications
requirements, software, Secure Sockets Layer
resources, consumption, Secure Sockets Layer
setting up, references, How SSL Works
speed, effects on, Secure Sockets Layer
SQL Server, Locking Down SQL Server
validating input, Validation Tools Available to ASP.NET Web Applications
Web services using, Securing Web Services
staff as a design challenge, Design Challenges
steps for designing security, Step 2: Design and Implement Security at the Beginning (see )
storage, Ensuring That Your Code Will Run Safely, Automated Tools
drives, Automated Tools
isolated, Ensuring That Your Code Will Run Safely
stored procedures, Use Parameterized Queries, Migrating the Employee Database to SQL Server 2000
adding to SQL Server, Migrating the Employee Database to SQL Server 2000
SQL-injection attack defense, Use Parameterized Queries
stress testing, Testing Approaches, Automated Unit Testing
stress, exceptions from, Where Exceptions Occur
STRIDE security threat model, Identify Threats
strong name security policy attribute, Update .NET Enterprise Security Policy
strong passwords, Fundamental Lockdown Principles
strong-name signatures, Create Scenarios Based on Inroads for Attack, When the Authenticode Signature Is Checked, Strong-Name Signing, Strong Names vs. Weak Names, Strong-Named Visual Basic .NET .DLLs and Partial Trust, Should You Authenticode-Sign and Strong-Name Your Application?, Strong Naming, Certificates, and Signing Exercise
.NET assemblies, Create Scenarios Based on Inroads for Attack
Authenticode, compared to, Strong-Named Visual Basic .NET .DLLs and Partial Trust
benefits, Strong-Name Signing
creating applications, Strong Naming, Certificates, and Signing Exercise
defined, When the Authenticode Signature Is Checked
delay signing, Strong Naming, Certificates, and Signing Exercise
DLLs with, Strong Names vs. Weak Names
hash digests, When the Authenticode Signature Is Checked
integrity assurance, Strong-Name Signing
operation, Strong-Name Signing
partially trusted DLLs, Strong Names vs. Weak Names
parts, When the Authenticode Signature Is Checked
public keys, When the Authenticode Signature Is Checked
PublicKeyToken, Strong Names vs. Weak Names
recommended use, Should You Authenticode-Sign and Strong-Name Your Application?
representation, Strong Names vs. Weak Names
sample application, Should You Authenticode-Sign and Strong-Name Your Application?
spoofing, preventing, Strong-Name Signing
unique identity guarantees, Strong-Name Signing
version integrity, Strong-Name Signing
weak names, compared to, Strong-Name Signing
strong-named .NET assemblies, Create Scenarios Based on Inroads for Attack
subroutine input, validating, Input to Subroutines
Sun Microsystems vulnerabilities, The Arms Race of Hacking
symmetric encryption, Private Key Encryption (see )
system components, code-access security techniques, It’s On By Default
system crash DoS attacks, Denial of Service Attacks