Securing .NET Applications
Guiding Principles for Surviving a Cyber Attack
(Language: English)
Product information for "Securing .NET Applications"
Blurb for "Securing .NET Applications"
Use the best practices taught in this book to defend your application against future attack patterns. You also will learn about other equally critical means of securing your application, including validation logic, threat modeling, authentication, authorization, and much more. This book covers the role that .NET developers play when it comes to security. You will learn about cryptography, but that is not the only tool at your disposal. After reading this book you will come away feeling empowered and confident when it comes to taking charge of the application security issues that are in your control.
What You'll Learn
- Understand the key concepts of software-based security in the context of application development
- See how to structure a distributed application inside and outside of the firewall
- Explore and recognize common attack vectors
- Gain a thorough understanding of validations
- Work through various examples of software security with a sense of humor
- Embrace the power you have as a developer
- Know the risks in order to ensure that development efforts work to mitigate the risks
Who This Book Is For
.NET developers, especially those who are developing applications that are visible on the Internet
Table of Contents for "Securing .NET Applications"
Chapter 1: Secure Computing in an Insecure World
This chapter will introduce the concept of software-based security and fit it into the context of the application developer.
Survey of Various Dangers
Understanding the Risks
No Such Thing as "Secure"
Our Goal is Defensible
Security is Everyone's Concern, Especially the Developer
Chapter 2: Overview of Common Attack Vectors
In this chapter we will discuss some of the top attack patterns that frequently plague web applications.
Parameter Manipulation
Various Injections
Sensitive Data Exposure
(Other vectors)
Chapter 3: Security Principles
In this chapter we will give an overview of various guiding principles for secure programming. This chapter will include references to other chapters where these concepts are discussed in greater depth or real-world examples are showcased.
Fail Securely
Positive Security Model (White list)
Negative Security Model (Black list)
Minimize Attack Surface
Separation of Duties
Avoid Security Through Obscurity
Keep Security Simple
Don't Trust Services
Defense in Depth
Least Privilege
Establish Secure Defaults
Chapter 4: Validations in Practice
Blessed are the Paranoid for they Validate
In this chapter we will explore all things validation.
Don't Trust Users
Don't Trust Input Parameters from unknown sources
Don't Trust Input Files you didn't write
Don't trust data even from your own database
Overview of the Standard Validators
Validators are SQL Firewall Rules
Chapter 5: Application Topography for Security
Blessed are the Lonely for they Separate
In this chapter we discuss how to structure a distributed application, paying attention to what goes inside and outside of the firewall.
Distributed Application creates a Larger Attack Surface
Separate the Database from the Application Server
Properly Handling Connection Strings
What should stay outside the firewall
What should stay inside the firewall
How do servers communicate
Chapter 6: Mitigating Risk by Minimizing Privilege
Blessed are the Cautious for they Follow the Principle of Least Privilege
In this chapter we will introduce and explore the Principle of Least Privilege. We will see how this applies to the database specifically as well as to network resources in general.
The Database has all the Keys to the Kingdom
Separate Key Sensitive Data to a Separate Database
Isolate Key Sensitive Data in the Same Database with Separate Logins
Separate Transaction Data from Reporting Data
Understanding Access Control Lists
Chapter 7: Cryptography in Practice
Blessed are the Cryptic for Even Stolen Data is Secure
In this chapter we will discuss cryptography from an application perspective. We will review the common algorithms used, how they are executed, and we will discuss some best practices for using cryptography.
Cryptography can be a Self-Imposed Denial of Service if used wrong
Symmetric Cryptography
Asymmetric Cryptography
Digital Signatures
Hashing
Chapter 8: Authentication and Authorization
In this chapter we will discuss all things related to Authentication and Authorization. This may be split into 2 chapters; not sure yet.
Password complexity policies
Password resets
2 Factor Authentication
Idle Timeouts
Logging Out
Authorization Matrix
Access Control Lists
Protected Resources
Static Resources
Reauthorization
JWT (JSON Web Tokens)
Chapter 9: Securing Web Services
In this chapter we will discuss web services, the roles they play in modern web applications and how to properly secure them.
Chapter 10: Threat Modeling
In this chapter we will step through the Microsoft Threat Modeling Process. We will discuss the importance of modeling, review the individual steps, and discuss ways to incorporate this into your development lifecycle.
Identify Security Objectives
Survey the Application
Decompose the Application
Identify Threats
STRIDE
DREAD
Chapter 11: Best Practices
This will be a wrap-up chapter that will reiterate all the best practices identified throughout the book. Best practices will be grouped by chapter, giving the reader a quick link back to where the best practice was introduced so they can quickly get more context.
About the Author: Nick Harrison
Nick Harrison is a software developer with Vertical Alliance Group, a consultancy in Columbia, South Carolina, USA. He has more than 20 years of experience developing software, starting with Unix system programming and ultimately progressing to .NET. He has expertise in full life cycle development, from initial inception through post-deployment support, and has worked on many projects, including a full-featured loan origination system for a prominent mortgage lender and rapid prototypes for small startups. Nick has strategic experience resolving problems identified with data access logic and other performance bottlenecks. He is often found presenting at user group meetings and is the author of many articles and books on a wide range of technical topics, including MVC, T4, Roslyn, Software Metrics, Design Patterns, Web Design, and more.
Bibliographic Details
- Author: Nick Harrison
- 2020, 1st ed., XX, 380 pages, dimensions: 15.5 x 23.5 cm, paperback, English
- Publisher: Apress
- ISBN-10: 1484236661
- ISBN-13: 9781484236666
- Publication date: 02.11.2020