Securing .NET Applications: Guiding Principles for Surviving a Cyber Attack
Author: Nick Harrison. Language: English. Paperback – 2 Nov 2020
Use the best practices taught in this book to defend your application against future attack patterns. You also will learn about other equally critical means of securing your application, including validation logic, threat modeling, authentication, authorization, and much more.

This book covers the role that .NET developers play when it comes to security. You will learn about cryptography, but that is not the only tool at your disposal. After reading this book you will come away feeling empowered and confident when it comes to taking charge of the application security issues that are in your control.
What You'll Learn
- Understand the key concepts of software-based security in the context of application development
- See how to structure a distributed application inside and outside of the firewall
- Explore and recognize common attack vectors
- Gain a thorough understanding of validations
- Work through various examples of software security with a sense of humor
- Embrace the power you have as a developer
- Know the risks in order to ensure that development efforts work to mitigate the risks
Who This Book Is For
.NET developers, especially those who are developing applications that are visible on the Internet
Price: 160.95 lei
Old price: 201.19 lei
-20%
Express Points: 241
Estimated price in foreign currency:
30.84€ • 33.40$ • 26.44£
Book cancelled
Specifications
ISBN-13: 9781484236666
ISBN-10: 1484236661
Pages: 380
Dimensions: 155 x 235 mm
Edition: 1st ed.
Publisher: Apress
Series: Apress
Place of publication: Berkeley, CA, United States
Table of Contents
Chapter 1: Secure Computing in an Insecure World
This chapter will introduce the concept of software-based security and fit it into the context of application development.
Survey of Various Dangers
Understanding the Risks
No Such Thing as “Secure”: Our Goal is Defensible
Security is Everyone’s Concern, Especially the Developer
Chapter 2: Overview of Common Attack Vectors
In this chapter we will discuss some of the top attack patterns that frequently plague web applications.
Parameter Manipulation
Various Injections
Sensitive Data Exposure
(Other vectors)
Chapter 3: Security Principles
In this chapter we will give an overview of various guiding principles for secure programming. This chapter will include references to other chapters where these concepts are discussed in greater depth or where real-world examples are showcased.
Fail Securely
Positive Security Model (White list)
Negative Security Model (Black list)
Minimize Attack Surface
Separation of Duties
Avoid Security Through Obscurity
Keep Security Simple
Don’t Trust Services
Defense in Depth
Least Privilege
Establish Secure Defaults
Chapter 4: Validations in Practice
Blessed are the Paranoid for they Validate
In this chapter we will explore all things validation.
Don’t Trust Users
Don’t Trust Input Parameters from unknown sources
Don’t Trust Input Files you didn’t write
Don’t trust data even from your own database
Overview of the Standard Validators
Validators are SQL Firewall Rules
Chapter 5: Application Topography for Security
Blessed are the Lonely for they Separate
In this chapter we discuss how to structure a distributed application, paying attention to what goes inside and outside of the firewall.
Distributed Application creates a Larger Attack Surface
Separate the Database from the Application Server
Properly Handling Connection Strings
What should stay outside the firewall
What should stay inside the firewall
How do servers communicate
Chapter 6: Mitigating Risk by Minimizing Privilege
Blessed are the Cautious for they Follow the Principle of Least Privilege
In this chapter we will introduce and explore the Principle of Least Privilege. We will see how this applies to the database specifically as well as to network resources in general.
The Database has all the Keys to the Kingdom
Separate Key Sensitive Data to a Separate Database
Isolate Key Sensitive Data in the Same Database with Separate Logins
Separate Transaction Data from Reporting Data
Understanding Access Control Lists
Chapter 7: Cryptography in Practice
Blessed are the Cryptic for Even Stolen Data is Secure
In this chapter we will discuss cryptography from an application perspective. We will review the common algorithms used, how they are executed, and we will discuss some best practices for using cryptography.
Cryptography can be a Self-Imposed Denial of Service if used wrong
Symmetric Cryptography
Asymmetric Cryptography
Digital Signatures
Hashing
Chapter 8: Authentication and Authorization
In this chapter we will discuss all things related to Authentication and Authorization. This may be split into 2 chapters; not sure yet.
Password complexity policies
Password resets
2 Factor Authentication
Idle Timeouts
Logging Out
Authorization Matrix
Access Control Lists
Protected Resources
Static Resources
Reauthorization
JWT (JSON Web Tokens)
Chapter 9: Securing Web Services
In this chapter we will discuss web services, the roles they play in modern web applications and how to properly secure them.
Chapter 10: Threat Modeling
In this chapter we will step through the Microsoft Threat Modeling Process. We will discuss the importance of modeling, review the individual steps, and discuss ways to incorporate this into your development lifecycle.
Identify Security Objectives
Survey the Application
Decompose the Application
Identify Threats
STRIDE
DREAD
Chapter 11: Best Practices
This will be a wrap-up chapter that will reiterate all the best practices identified throughout the book. Best practices will be grouped by chapter, giving the reader a quick link back to where the best practice was introduced so they can quickly get more context.
Biographical Note
Nick Harrison is a software developer with Vertical Alliance Group, a consultancy in Columbia, South Carolina, USA. He has more than 20 years of experience developing software, starting with Unix system programming and ultimately progressing to .NET. He has expertise in full life cycle development, from initial inception through post-deployment support, and has worked on many projects, including a full-featured loan origination system for a prominent mortgage lender and rapid prototypes for small startups. Nick has strategic experience resolving problems identified with data access logic and other performance bottlenecks. He is often found presenting at user group meetings and is the author of many articles and books on a wide range of technical topics, including MVC, T4, Roslyn, Software Metrics, Design Patterns, Web Design, and more.
Features
Teaches best practices for secure programming
Presents real-world scenarios to illustrate and illuminate each concept
Shows you how to take charge of application security issues that are in your control