S
- sa account, SQL-Injection Attacks, Locking Down SQL Server
- sandboxes, Deploy and Run Your Application in the .NET Security Sandbox
- scalability, effect on DoS attacks, Mitigating Threats
- scenarios, attack, Plan of Attack—The Test Plan, Plan of Attack—The Test Plan, Plan of Attack—The Test Plan, Create a Blueprint of Your Application, Create Scenarios Based on Inroads for Attack, Get Focused—Prioritize Scenarios, Get Focused—Prioritize Scenarios, Get Focused—Prioritize Scenarios, Generate Tests
- attacker’s view, taking, Plan of Attack—The Test Plan
- brainstorming, Plan of Attack—The Test Plan
- creating based on inroads, Create a Blueprint of Your Application
- defined, Plan of Attack—The Test Plan
- generating tests for, Get Focused—Prioritize Scenarios
- including all in testing, Get Focused—Prioritize Scenarios
- prioritizing, Create Scenarios Based on Inroads for Attack
- relevance of tests to, Generate Tests
- threat prioritization, Get Focused—Prioritize Scenarios
- scoped addresses, The IPv6 Internet Protocol
- screen saver passwords, Turn Off Unnecessary Sharing
- script kiddies, What Happens Next?
- scripts, disabling, Plan of Attack—The Test Plan
- Secure Hashing Algorithm, Practice Files (see )
- secure sockets layer, How SSL Works (see )
- Security Adjustment Wizard, Run Your Code in Different Security Zones
- security policy, Ensuring That Your Code Will Run Safely, Deploying .NET Security Policy Updates
- changing, Ensuring That Your Code Will Run Safely
- updates, Deploying .NET Security Policy Updates
- security zones, Run Your Code in Different Security Zones, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Permissions, Security Zones and Permissions, Security Zones and Permissions, Security Zones and Permissions, Security Zones and Permissions, Security Zones and Permissions, Security Zones and Permissions, Security Zones and Permissions, Local Intranet, Internet, and Trusted Sites Zones, How Visual Basic .NET Determines Zone, How Visual Basic .NET Determines Zone, Ensuring That Your Code Will Run Safely
- ASP.NET, How Visual Basic .NET Determines Zone
- code-access permissions granted in, Security Zones and Trust Levels
- default trust levels, Security Zones and Trust Levels
- determination by .NET, Local Intranet, Internet, and Trusted Sites Zones
- Internet, Security Zones and Trust Levels, Security Zones and Permissions
- Internet Explorer, Security Zones and Trust Levels
- loading options for applications, Ensuring That Your Code Will Run Safely
- Local Intranet, Security Zones and Trust Levels, Security Zones and Permissions, Security Zones and Permissions
- My Computer, Security Zones and Trust Levels, Security Zones and Permissions
- showing available, Run Your Code in Different Security Zones
- symbols for, Security Zones and Trust Levels
- trust levels, changing, Security Zones and Permissions
- Trusted Sites, Security Zones and Trust Levels, Security Zones and Permissions, Security Zones and Permissions
- Untrusted Sites, Security Zones and Trust Levels, Security Zones and Permissions
- Windows Forms assignments, How Visual Basic .NET Determines Zone
- SecurityLibrary.vb, Hash Digests, Contents of SecurityLibrary.vb
- SecurityPermission, Security Zones and Permissions, Local Intranet, Internet, and Trusted Sites Zones
- self-testing code, Testing Approaches
- servers, Fundamental Lockdown Principles, Implement BIOS Password Protection, Locking Down .NET, Step 10: Design for Maintenance
- locking down, Implement BIOS Password Protection
- service packs, Fundamental Lockdown Principles, Locking Down .NET, Step 10: Design for Maintenance
- ServerVariables collection, Parse Method
- service packs, Fundamental Lockdown Principles, Locking Down .NET, Locking Down Microsoft Access, Step 10: Design for Maintenance
- locking down, Fundamental Lockdown Principles, Locking Down .NET
- maintaining, Step 10: Design for Maintenance
- Microsoft Access, Locking Down Microsoft Access
- ServiceControllerPermission, Security Zones and Permissions
- SHA-1, Practice Files, Practice Files, Practice Files, Hash Digests, Hash Digests, Contents of SecurityLibrary.vb
- defined, Practice Files
- display format for hashes, Practice Files
- function, Contents of SecurityLibrary.vb
- function returning, Hash Digests
- hash digests, Practice Files
- verification, Hash Digests
- shares, Run Your Code in Different Security Zones, How Visual Basic .NET Determines Zone, Enable Auditing
- file, Enable Auditing
- network, Run Your Code in Different Security Zones, How Visual Basic .NET Determines Zone
- Shell command, How Actions Are Considered Safe or Unsafe, Use Server.HtmlEncode and Server.UrlEncode, Review Code for Threats
- attacks against, Use Server.HtmlEncode and Server.UrlEncode
- code-access default, How Actions Are Considered Safe or Unsafe
- defined, Review Code for Threats
- Show function, How Actions Are Considered Safe or Unsafe
- signatures, digital, Authenticode Signing (see )
- SignCode.exe, Strong Naming, Certificates, and Signing Exercise
- simplicity, Step 5: Threat-Model the Vulnerabilities
- Slammer worm, Step 1: Believe You Will Be Attacked, Detection, Future Trends
- SMTPSVC service, Enable Auditing
- social engineering attacks, Cyber-Terrorism
- sockets, Security Zones and Permissions
- Software Publisher Certificates, Obtain an X.509 Certificate from a Certificate Authority, Strong Naming, Certificates, and Signing Exercise
- source code, attackers accessing, Create a Blueprint of Your Application
- spoofing, Hash Digests, Strong-Name Signing, Identify Threats
- attacks, Identify Threats
- hashes, Hash Digests
- strong names to prevent, Strong-Name Signing
- SQL Server Authentication, Securing Databases
- SQL Server authentication, Securing Databases, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, SQL Server Authentication, Determining Who Is Logged On, Determining Who Is Logged On, Determining Who Is Logged On, How SQL Server Assigns Privileges, How SQL Server Assigns Privileges, How SQL Server Assigns Privileges
- administration considerations, SQL Server Authentication
- administrative permission privileges, Determining Who Is Logged On
- advantages of Windows Authentication, SQL Server Authentication
- blank passwords, SQL Server Authentication
- changing Mixed to Windows Authentication, SQL Server Authentication
- default users, Determining Who Is Logged On
- determining logged-on users, SQL Server Authentication
- groups, adding, SQL Server Authentication
- guest user, Determining Who Is Logged On, How SQL Server Assigns Privileges
- logons, setting up, SQL Server Authentication
- mechanisms, Securing Databases
- Mixed Mode, SQL Server Authentication
- public role, How SQL Server Assigns Privileges
- roles, How SQL Server Assigns Privileges
- Windows Authorization, SQL Server Authentication
- SQL Server authorization, Determining Who Is Logged On
- SQL Server Profiler, Testing Tools
- SQL Server, Microsoft, SQL-Injection Attacks, Securing Databases, SQL Server Authentication, Determining Who Is Logged On, SQL Server Authorization, SQL Server Authorization, Locking Down Microsoft Access, Locking Down Microsoft Access, Locking Down Microsoft Access, Locking Down Microsoft Access, Locking Down Microsoft Access, Locking Down SQL Server, Locking Down SQL Server, Locking Down SQL Server, Locking Down SQL Server, Locking Down SQL Server, Locking Down SQL Server, Locking Down SQL Server, Locking Down SQL Server, Step 4: Design a Secure Architecture, Step 4: Design a Secure Architecture, Step 9: Secure the Network with a Firewall, Future Trends, Migrating the Employee Database to SQL Server 2000, Migrating the Employee Database to SQL Server 2000
- access restriction, Locking Down SQL Server
- account for running, Locking Down Microsoft Access
- attacks, injection, SQL-Injection Attacks (see )
- auditing, Locking Down SQL Server
- Authentication, Securing Databases (see )
- authentication, SQL Server Authentication (see )
- authorization, Determining Who Is Logged On
- buffer overruns, Future Trends
- clustering, Step 4: Design a Secure Architecture
- directory access, restricting, Locking Down Microsoft Access
- encryption, Locking Down SQL Server
- IPSec, Locking Down SQL Server
- locking down, Locking Down Microsoft Access
- logging, Locking Down SQL Server
- named-pipes vs. TCP/IP, Step 4: Design a Secure Architecture
- passwords, Locking Down SQL Server
- permissions, SQL Server Authorization, Locking Down SQL Server
- port, Step 9: Secure the Network with a Firewall
- SA account, Locking Down SQL Server
- sample database, Migrating the Employee Database to SQL Server 2000
- stored procedures for authorization, SQL Server Authorization
- stored procedures, adding to, Migrating the Employee Database to SQL Server 2000
- system commands, danger of, Locking Down Microsoft Access
- xp_cmdshell, Locking Down Microsoft Access
- SQL Slammer worm, Step 1: Believe You Will Be Attacked, Detection, Future Trends
- SQL-injection attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, SQL-Injection Attacks, Validate Input Parameters, Use Parameterized Queries, Add a Stored Procedure to Validate the User, Add a Stored Procedure to Validate the User, Create a Blueprint of Your Application
- application execution, SQL-Injection Attacks
- defensive techniques, SQL-Injection Attacks
- defined, SQL-Injection Attacks
- EMS sample defense, Add a Stored Procedure to Validate the User
- example, SQL-Injection Attacks
- final parameter checks, Add a Stored Procedure to Validate the User
- IIS, stopping, SQL-Injection Attacks
- input validation, SQL-Injection Attacks
- least privilege principle, SQL-Injection Attacks
- logon issues, SQL-Injection Attacks
- Microsoft Access databases, SQL-Injection Attacks, SQL-Injection Attacks
- parameterized query defense, Validate Input Parameters
- sa account, SQL-Injection Attacks
- stored procedure defense, Use Parameterized Queries
- testing against, Create a Blueprint of Your Application
- user names, SQL-Injection Attacks
- xp_cmdshell command, SQL-Injection Attacks
- SqlClientPermission, Security Zones and Permissions
- SSL (secure sockets layer), Securing Web Applications, Securing Web Applications, Securing Web Applications, Secure Sockets Layer, Secure Sockets Layer, Secure Sockets Layer, Secure Sockets Layer, Secure Sockets Layer, Secure Sockets Layer, Secure Sockets Layer, Secure Sockets Layer, Secure Sockets Layer, Secure Sockets Layer, How SSL Works, How SSL Works, How SSL Works, How SSL Works, How SSL Works, Securing Web Services, Securing Web Services, Validation Tools Available to ASP.NET Web Applications, Locking Down SQL Server
- adding to applications, How SSL Works
- advantages, Securing Web Applications
- bidirectionality, Secure Sockets Layer
- browser support, Secure Sockets Layer
- certificates, Secure Sockets Layer
- disadvantages, Secure Sockets Layer
- ease of implementation, Securing Web Applications
- https://, Secure Sockets Layer, How SSL Works
- IIS sections, specifying, How SSL Works
- methodology, Secure Sockets Layer
- Page_Load events, How SSL Works
- private key generation, Secure Sockets Layer
- purpose, Securing Web Applications
- requirements, software, Secure Sockets Layer
- resources, consumption, Secure Sockets Layer
- setting up, references, How SSL Works
- speed, effects on, Secure Sockets Layer
- SQL Server, Locking Down SQL Server
- validating input, Validation Tools Available to ASP.NET Web Applications
- Web services using, Securing Web Services, Securing Web Services
- staff as a design challenge, Design Challenges
- steps for designing security, Step 2: Design and Implement Security at the Beginning (see )
- storage, Ensuring That Your Code Will Run Safely, Automated Tools
- drives, Automated Tools
- isolated, Ensuring That Your Code Will Run Safely
- stored procedures, Use Parameterized Queries, Migrating the Employee Database to SQL Server 2000
- adding to SQL Server, Migrating the Employee Database to SQL Server 2000
- SQL-injection attack defense, Use Parameterized Queries
- stress testing, Testing Approaches, Automated Unit Testing
- stress, exceptions from, Where Exceptions Occur
- STRIDE security threat model, Identify Threats
- strong name security policy attribute, Update .NET Enterprise Security Policy
- strong passwords, Fundamental Lockdown Principles
- strong-name signatures, Create Scenarios Based on Inroads for Attack, When the Authenticode Signature Is Checked, When the Authenticode Signature Is Checked, When the Authenticode Signature Is Checked, When the Authenticode Signature Is Checked, Strong-Name Signing, Strong-Name Signing, Strong-Name Signing, Strong-Name Signing, Strong-Name Signing, Strong-Name Signing, Strong-Name Signing, Strong Names vs. Weak Names, Strong Names vs. Weak Names, Strong Names vs. Weak Names, Strong Names vs. Weak Names, Strong-Named Visual Basic .NET .DLLs and Partial Trust, Should You Authenticode-Sign and Strong-Name Your Application?, Should You Authenticode-Sign and Strong-Name Your Application?, Strong Naming, Certificates, and Signing Exercise, Strong Naming, Certificates, and Signing Exercise
- .NET assemblies, Create Scenarios Based on Inroads for Attack
- Authenticode, compared to, Strong-Named Visual Basic .NET .DLLs and Partial Trust
- benefits, Strong-Name Signing
- creating applications, Strong Naming, Certificates, and Signing Exercise
- defined, When the Authenticode Signature Is Checked
- delay signing, Strong Naming, Certificates, and Signing Exercise
- DLLs with, Strong Names vs. Weak Names
- hash digests, When the Authenticode Signature Is Checked
- integrity assurance, Strong-Name Signing
- operation, Strong-Name Signing
- partially trusted DLLs, Strong Names vs. Weak Names
- parts, When the Authenticode Signature Is Checked
- public keys, When the Authenticode Signature Is Checked
- PublicKeyToken, Strong Names vs. Weak Names
- recommended use, Should You Authenticode-Sign and Strong-Name Your Application?
- representation, Strong Names vs. Weak Names
- sample application, Should You Authenticode-Sign and Strong-Name Your Application?
- spoofing, preventing, Strong-Name Signing
- unique identity guarantees, Strong-Name Signing
- version integrity, Strong-Name Signing
- weak names, compared to, Strong-Name Signing
- strong-named .NET assemblies, Create Scenarios Based on Inroads for Attack
- subroutine input, validating, Input to Subroutines
- Sun Microsystems vulnerabilities, The Arms Race of Hacking
- symmetric encryption, Private Key Encryption (see )
- system components, code-access security techniques, It’s On By Default
- system crash DoS attacks, Denial of Service Attacks