T

table level authorization, SQL Server Authorization

tampering with data attacks, Identify Threats

tax, security as a, Ten Steps to Designing a Secure Enterprise System

TCP-IP vs. named-pipes, Step 4: Design a Secure Architecture

Teleport Pro, Testing Tools

Telnet service, Enable Auditing

terrorism, The Arms Race of Hacking

testing, Testing for Attack-Resistant Code, Testing for Attack-Resistant Code, Testing for Attack-Resistant Code, Testing for Attack-Resistant Code, Testing for Attack-Resistant Code, Testing for Attack-Resistant Code, Plan of Attack—The Test Plan, Plan of Attack—The Test Plan, Plan of Attack—The Test Plan, Plan of Attack—The Test Plan, Plan of Attack—The Test Plan, Plan of Attack—The Test Plan, Take the Attacker’s View, Create a Blueprint of Your Application, Create a Blueprint of Your Application, Create a Blueprint of Your Application, Create a Blueprint of Your Application, Create a Blueprint of Your Application, Create Scenarios Based on Inroads for Attack, Create Scenarios Based on Inroads for Attack, Create Scenarios Based on Inroads for Attack, Get Focused—Prioritize Scenarios, Get Focused—Prioritize Scenarios, Generate Tests, Generate Tests, Generate Tests, Filter and Prioritize Tests for Each Scenario, Filter and Prioritize Tests for Each Scenario, Filter and Prioritize Tests for Each Scenario, Testing Approaches, Testing Approaches, Testing Approaches, Testing Approaches, Testing Approaches, Ad Hoc, or Manual, Testing, Automated Unit Testing, Automated Unit Testing, Stress Testing, Testing Tools, Testing Tools, Testing Tools, Testing Tools, Testing Tools, Testing Tools, Testing Tools, Example: Create a Test Tool for Testing Web Applications, Example: Create a Test Tool for Testing Web Applications, Example: Create a Test Tool for Testing Web Applications, Example: Create a Test Tool for Testing Web Applications, Test in the Target Environment, Test in the Target Environment, Test in the Target Environment, Test in the Target Environment, Testing Too Little, Too Late, Testing Too Little, Too Late, Failing to Factor In the Cost of Testing, Failing to Factor In the Cost of Testing, Failing to Factor In the Cost of Testing, Assuming Third-Party Components Are Safe

approaches, Filter and Prioritize Tests for Each Scenario

attacker’s view, taking, Plan of Attack—The Test Plan

automated unit testing, Testing Approaches, Ad Hoc, or Manual, Testing, Testing Tools

benefits of security emphasis, Plan of Attack—The Test Plan

beta feedback, role, Failing to Factor In the Cost of Testing

blueprints of applications, Take the Attacker’s View

brainstorming scenarios, Plan of Attack—The Test Plan

components of, Testing for Attack-Resistant Code

cost, Filter and Prioritize Tests for Each Scenario, Failing to Factor In the Cost of Testing

creating tools for, Testing Tools

database security, Create a Blueprint of Your Application

debugging features for, Testing Approaches

deployment environments, in, Example: Create a Test Tool for Testing Web Applications

DLL spoofing, Create Scenarios Based on Inroads for Attack

features, security vs. usefulness, Plan of Attack—The Test Plan

filtering tests, Generate Tests

generating tests, Get Focused—Prioritize Scenarios

hidden fields, Create a Blueprint of Your Application, Example: Create a Test Tool for Testing Web Applications

importance, Testing for Attack-Resistant Code, Test in the Target Environment

inroads, scenarios based on, Create a Blueprint of Your Application

insufficient, Test in the Target Environment

lateness mistake, Test in the Target Environment

manual testing, Testing Approaches

mistakes, common, Test in the Target Environment

network redirection tools, Testing Tools

NUnit tool, Automated Unit Testing, Testing Tools

password cracking tools, Testing Tools

permission levels, Example: Create a Test Tool for Testing Web Applications

plan development, Testing for Attack-Resistant Code

plan execution, Filter and Prioritize Tests for Each Scenario

prioritizing scenarios, Create Scenarios Based on Inroads for Attack

prioritizing tests, Testing for Attack-Resistant Code, Generate Tests

profile tools, Testing Tools

public functions, Create a Blueprint of Your Application

real-world considerations, Assuming Third-Party Components Are Safe

relevance to scenarios, Generate Tests

retasked components, Testing Too Little, Too Late

reverse-engineering tools, Testing Tools

schedules, Testing for Attack-Resistant Code

security aspect, Plan of Attack—The Test Plan

self-testing code, Testing Approaches

stress testing, Testing Approaches, Automated Unit Testing

target configurations, Plan of Attack—The Test Plan

third-party components, Failing to Factor In the Cost of Testing

tools for, Stress Testing

unknown issues, narrowing, Testing Too Little, Too Late

URL-based attacks, Create Scenarios Based on Inroads for Attack

usage scenarios, Testing for Attack-Resistant Code

user name input, Get Focused—Prioritize Scenarios

WebTester sample application, Example: Create a Test Tool for Testing Web Applications

XML file vulnerability, Create a Blueprint of Your Application

text boxes, validating input, Direct User Input

third-party components, danger, Failing to Factor In the Cost of Testing

Thread objects, Prioritize Threats

threat analysis, Named-Pipes vs. TCP-IP, Analyze for Threats and Vulnerabilities, Analyze for Threats and Vulnerabilities, Threat Analysis Exercise, Threat Analysis Exercise, Allocate Time, Allocate Time, Allocate Time, Prioritize Analysis Based on the Function of Each Component, Prioritize Analysis Based on the Function of Each Component, Prioritize Analysis Based on the Function of Each Component, Prioritize Analysis Based on the Function of Each Component, Draw Architectural Sketch and Review for Threats, Prioritize Threats, Prioritize Threats, Prioritize Threats

allocating time, Allocate Time

architectural sketches, Prioritize Analysis Based on the Function of Each Component

cost considerations, Allocate Time

defined, Analyze for Threats and Vulnerabilities

documentation, Prioritize Analysis Based on the Function of Each Component

EMS example, prioritized table of threats, Prioritize Threats

key concepts, Threat Analysis Exercise

listing threats, Prioritize Analysis Based on the Function of Each Component

modeling in design phase, Named-Pipes vs. TCP-IP

planning, Prioritize Analysis Based on the Function of Each Component

prioritizing components, Allocate Time

prioritizing threats, Prioritize Threats

response development, Prioritize Threats

reviewing code, Draw Architectural Sketch and Review for Threats

steps in process, Threat Analysis Exercise

vulnerabilities, analyzing for, Analyze for Threats and Vulnerabilities

threats, Use Quotes Around All Path Names, Named-Pipes vs. TCP-IP, Threats—Analyze, Prevent, Detect, and Respond, Analyze for Threats and Vulnerabilities, Identify Threats, Identify Threats, Prioritize Threats, Prioritize Threats, Mitigating Threats, Mitigating Threats, Mitigating Threats, Mitigating Threats, Prepare for a Response, Allocate Time, Prioritize Threats, Prioritize Threats

(see also )

analyzing for, Allocate Time (see , )

bypassing UI attack, Mitigating Threats

identifying, Analyze for Threats and Vulnerabilities

intercepting data attacks, Mitigating Threats

methods for avoiding damage, Threats—Analyze, Prevent, Detect, and Respond

mitigating, Prioritize Threats

modeling in design phase, Named-Pipes vs. TCP-IP

password-cracking attacks, Mitigating Threats

posing as users, Mitigating Threats

prioritizing, Identify Threats, Prioritize Threats

real-world considerations, Prepare for a Response

response options, Prioritize Threats

severity, factors, Identify Threats

tracking, Prioritize Threats

time limitations, Ten Steps to Designing a Secure Enterprise System

timestamp services, Strong Naming, Certificates, and Signing Exercise

TlntSvr service, Enable Auditing

TogglePassportEnvironment utility, Guide to the Code Samples, Encryption Demo

tools, Stress Testing, Testing Tools, Fundamental Lockdown Principles, What Happens Next?

hackers, used by, What Happens Next?

locking down platforms, for, Fundamental Lockdown Principles

testing with, Stress Testing

Web-page manipulation, Testing Tools

trace-back, Privacy vs. Security

tracing routes, Securing Web Applications

tracking threats, Prioritize Threats

training development teams, Step 2: Design and Implement Security at the Beginning

transactions, Securing Web Services, Securing Web Services, Identify Threats, Mitigating Threats

audit trails, Securing Web Services

repudiation, Securing Web Services, Identify Threats, Mitigating Threats

transport-level security, How SSL Works (see )

trends in security, Cyber-Terrorism, What Happens Next?, What Happens Next?, What Happens Next?, What Happens Next?, Privacy vs. Security, Privacy vs. Security, Privacy vs. Security, Privacy vs. Security, The IPv6 Internet Protocol, The IPv6 Internet Protocol

arms race intensification, What Happens Next?

authentication, Privacy vs. Security

Big Brother systems, Privacy vs. Security

cost increases, What Happens Next?

government initiatives, The IPv6 Internet Protocol

IPv6 (Internet Protocol version 6), Privacy vs. Security

Microsoft initiatives, The IPv6 Internet Protocol

privacy issues, What Happens Next?

trace-back, Privacy vs. Security

unified systems, Cyber-Terrorism

virus intensification, What Happens Next?

Triple-DES, Private Key Encryption, Private Key Encryption, Private Key Encryption, Keeping Private Keys Safe, Keeping Private Keys Safe

decryption function, Private Key Encryption

defined, Private Key Encryption

function using, creating, Private Key Encryption

passphrases, Keeping Private Keys Safe

safety of keys, Keeping Private Keys Safe

trust levels, Code-Access Security, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Trust Levels, Security Zones and Permissions

code-access permission defaults, Security Zones and Trust Levels

defaults for zones, Security Zones and Trust Levels

definition of trust, Code-Access Security

Full Trust, Security Zones and Trust Levels

permissions associated with, Security Zones and Permissions

Trusted Sites zone, Security Zones and Trust Levels, Security Zones and Permissions, Security Zones and Permissions, How Visual Basic .NET Determines Zone

defined, Security Zones and Trust Levels

permissions, Security Zones and Permissions, Security Zones and Permissions

scope, How Visual Basic .NET Determines Zone

Trustworthy Computing Initiative, Assuming Third-Party Components Are Safe, Microsoft Initiatives

Try...Catch blocks, Exception Handling

Type keyword, Review Code for Threats