Hacking the Code: ASP.NET Web Application Security

Mark Burnett

  • Publisher: Syngress Media
  • Publication date: 2004-04-24
  • List price: $1,813
  • Sale price: 5.0$907
  • Language: English
  • Pages: 447
  • Binding: Hardcover
  • ISBN: 1932266658
  • ISBN-13: 9781932266658
  • Related categories: .NET, ASP.NET, Information Security, Hacking

Product Description

Are Your Web Applications Really Secure? This unique book walks you through the many threats to your web application code, from managing and authorizing users and encrypting private data to filtering user input and securing XML. For every defined threat, it provides a menu of solutions and coding considerations. And, it offers coding examples and a set of security policies for each of the corresponding threats.

Know the threats to your applications:

  • Develop secure password policies and learn how to securely manage user passwords in your web application.
  • Establish a secure procedure for resetting lost or forgotten passwords and discover how to properly use secret questions in that process.
  • Securely authenticate and authorize users, taking advantage of the advanced capabilities in ASP.NET.
  • Limit exposure to credential harvesting and brute force password attacks.
  • Securely manage user sessions and learn how to create strong user authentication tokens.
  • Work with the built-in state providers and securely implement view state in your forms.
  • Make sense of the extensive encryption features in ASP.NET and employ symmetric and asymmetric encryption for sensitive data.
  • Properly encrypt and store secrets to the registry, a file, or the protected store.
  • Filter user input to prevent SQL injection, directory traversal, cross-site scripting and other application-level attacks.
  • Apply techniques such as pattern matching and data reflecting to control exposure to malicious input attacks.
  • Configure honey drops to detect attacks on your web application.
  • Configure IIS and ASP.NET to constrain buffer overflow, denial of service, and other attacks.
  • Write secure database access code.
  • Secure databases and database drivers.
  • Construct secure HTML markup to limit exposure to cross-site scripting and cross-site request forgery attacks.
  • Use structured error handling to prevent failure conditions that open holes or reveal sensitive information.
  • Integrate XML encryption and apply XML digital signatures.

Your Solutions Membership Gives You Access to:

  • Comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page
  • "From the Author" Forum where the authors post timely updates and links to related sites
  • These downloadable e-booklets:
    Stealing The Network: How to Own a Continent: Product of Fate: The Evolution of a Hacker
    Special Ops: Host and Network Security for Microsoft, Unix, and Oracle: Hacking Custom Web Applications
    CYA: Securing IIS: Configuring Advanced Web Server Security
    IT Ethics Handbook: Programmers and Analysts
