Securing .NET Applications

Securing .NET Applications

Guiding Principles for Surviving a Cyber Attack

Harrison, Nick







Pré-lançamento - envio 15 a 20 dias após a sua edição

Descrição não disponível.
Chapter 1, Secure Computing in an Insecure World This chapter will introduce the concept of software based security and fit it in the context of the application developers Survey of Various Dangers Understanding the Risks No Such Thing as "Secure" Our Goal is Defensible Security is Everyone's Concern, Especially the Developer Chapter 2: Overview of Common Attack Vectors In this chapter we will discuss some of the top attack patterns that frequently plague web application Parameter Manipulation Various Injections Sensitive Data Exposure (Other vectors) Chapter 3: Security Principles In this chapter we will give an overview of various guiding principles for secure programming. This chapter will include references to other chapters where these concepts are discussed in greater depth of real world examples are showcased Fail Securely Positive Security Model (White list) Negative Security Model (Black list) Minimize Attack Surface Separation of Duties Avoid Security Through Obscurity Keep Security Simple Don't Trust Services Defense in Depth Least Privilege Establish Secure Defaults Chapter 4: Validations in Practice Blessed are the Paranoid for they Validate In this chapter we will explore all things validation Don't Trust Users Don't Trust Input Parameters from unknown sources Don't Trust Input Files you didn't write Don't trust data even from your own database Overview of the Standard Validators Validators are SQL Firewall Rules Chapter 5: Application Topography for Security Blessed are the Lonely for they Separate In this chapter we discuss how to structure a distributed application paying attention to what goes inside and outside of the firewall Distributed Application creates a Larger Attack Surface Separate the Database from the Application Server Properly Handling Connection Strings What should stay outside the firewall What should stay inside the firewall How do servers communicate Chapter 6: Mitigating Risk by Minimizing Privilege Blessed are the Cautious for they Follow the Principle of Least Privilege In this chapter we will introduce and explore the Principle of Least Privilege. We will see how this applies to the database specifically as well as to network resources in general. The Database has all the Keys to the Kingdom Separate Key Sensitive Data to a Separate Database Isolate Key Sensitive in the Same Database with Separate Logins Separate Transaction Data from Reporting Data Understanding Access Control Lists Chapter 7: Cryptography in Practice Blessed are the Cryptic for Even Stolen Data is Secure In this chapter we will discuss cryptography from an application perspective. We will review the common algorithms used, how they are executed, and we will discuss some best practices for using cryptography. Cryptography can be a Self-Imposed Denial of Service if used wrong Symmetric Cryptography Asymmetric Cryptography Digital Signatures Hashing Chapter 8: Authentication and Authorization In this chapter we will discuss all things related to Authentication and Authorization. This may be split into 2 chapters not sure yet. Password complexity policies Password resets 2 Factor Authentication Idle Timeouts Logging Out Authorization Matrix Access Control Lists Protected Resources Static Resources Reauthorization JWT (JSON Web Tokens) Chapter 9: Securing Web Services In this chapter we will discuss web services, the roles they play in modern web applications and how to properly secure them. Chapter 10 Threat Modeling In this chapter we will step through the Microsoft Threat Modeling Process. We will discuss the importance of modeling, review the individual steps, and discuss ways to incorporate this into your development lifecycle Identify Security Objectives Survey the Application Decompose the Application Identify Threats STRIDE DREAD Chapter 11 Best Practices This will be a wrap up chapter that will reiterate all the best practices identified though out the book. Best practices will be grouped by chapter giving the reader a quick link back to where the best practice was introduced so they can quickly get more context.
Este título pertence ao(s) assunto(s) indicados(s). Para ver outros títulos clique no assunto desejado.