Cantitate/Preț
Produs

Securing .NET Applications: Guiding Principles for Surviving a Cyber Attack

Autor Nick Harrison
en Limba Engleză Paperback – 2 noi 2020
Use the best practices taught in this book to defend your application against future attack patterns. You also will learn about other equally critical means of securing your application, including validation logic, threat modeling, authentication, authorization, and much more.

This book covers the role that .NET developers play when it comes to security. You will learn about cryptography, but that is not the only tool at your disposal. After reading this book you will come away feeling empowered and confident when it comes to taking charge of the application security issues that are in your control.


What You'll Learn
  • Understand the key concepts of software-based security in the context of application development
  • See how to structure a distributed application inside and outside of the firewall
  • Explore and recognize common attack vectors
  • Gain a thorough understanding of validations
  • Work through various examples of software security with a sense of humor 
  • Embrace the power you have as a developer
  • Know the risks in order to ensure that development efforts work to mitigate the risks

Who This Book Is For

.NET developers, especially those who are developing applications that are visible on the Internet 

Citește tot Restrânge

Preț: 16095 lei

Preț vechi: 20119 lei
-20%

Puncte Express: 241

Preț estimativ în valută:
3084 3340$ 2644£

Carte anulată

Doresc să fiu notificat când acest titlu va fi disponibil:

Preluare comenzi: 021 569.72.76

Specificații

ISBN-13: 9781484236666
ISBN-10: 1484236661
Pagini: 380
Dimensiuni: 155 x 235 mm
Ediția:1st ed.
Editura: Apress
Colecția Apress
Locul publicării:Berkeley, CA, United States

Cuprins

Chapter 1, Secure Computing in an Insecure World
This chapter will introduce the concept of software based security and fit it in the context of the application developers
Survey of Various Dangers
Understanding the Risks
No Such Thing as “Secure” Our Goal is Defensible
Security is Everyone’s Concern, Especially the Developer


Chapter 2: Overview of Common Attack Vectors
In this chapter we will discuss some of the top attack patterns that frequently plague web application
Parameter Manipulation
Various Injections Sensitive Data Exposure
(Other vectors)


Chapter 3: Security Principles
In this chapter we will give an overview of various guiding principles for secure programming.   This chapter will include references to other chapters where these concepts are discussed in greater depth of real world examples are showcased
Fail Securely
Positive Security Model (White list)
Negative Security Model (Black list)
Minimize Attack Surface
Separation of Duties
Avoid Security Through Obscurity
Keep Security Simple
Don’t Trust Services
Defense in Depth
Least Privilege
Establish Secure Defaults
 
Chapter 4: Validations in Practice
Blessed are the Paranoid for they Validate
In this chapter we will explore all things validation
Don’t Trust Users
Don’t Trust Input Parameters from unknown sources
Don’t Trust Input Files you didn’t write
Don’t trust data even from your own database
Overview of the Standard Validators
Validators are SQL Firewall Rules
 
Chapter 5: Application Topography for Security
Blessed are the Lonely for they Separate
In this chapter we discuss how to structure a distributed application paying attention to what goes inside and outside of the firewall
Distributed Application creates a Larger Attack Surface
Separate the Database from the Application Server
            Properly Handling Connection Strings
What should stay outside the firewall
What should stay inside the firewall
How do servers communicate


Chapter 6:  Mitigating Risk by Minimizing Privilege
Blessed are the Cautious for they Follow the Principle of Least Privilege
In this chapter we will introduce and explore the Principle of Least Privilege.  We will see how this applies to the database specifically as well as to network resources in general.
The Database has all the Keys to the Kingdom
Separate Key Sensitive Data to a Separate Database
Isolate Key Sensitive in the Same Database with Separate Logins
Separate Transaction Data from Reporting Data
Understanding Access Control Lists
 
Chapter 7: Cryptography in Practice

Blessed are the Cryptic for Even Stolen Data is Secure In this chapter we will discuss cryptography from an application perspective.  We will review the common algorithms used, how they are executed, and we will discuss some best practices for using cryptography.
Cryptography can be a Self-Imposed Denial of Service if used wrong
Symmetric Cryptography
Asymmetric Cryptography
Digital Signatures
Hashing


Chapter 8:  Authentication and Authorization
In this chapter we will discuss all things related to Authentication and Authorization.  This may be split into 2 chapters not sure yet.
Password complexity policies
Password resets
2 Factor Authentication
Idle Timeouts
Logging Out
Authorization Matrix
Access Control Lists
Protected Resources
Static Resources
Reauthorization
JWT (JSON Web Tokens)
 
Chapter 9: Securing Web Services
In this chapter we will discuss web services, the roles they play in modern web applications and how to properly secure them.
 
Chapter 10 Threat Modeling
In this chapter we will step through the Microsoft Threat Modeling Process.  We will discuss the importance of modeling, review the individual steps, and discuss ways to incorporate this into your development lifecycle
 Identify Security Objectives
Survey the Application
Decompose the Application
Identify Threats
STRIDE
DREAD


Chapter 11 Best Practices
This will be a wrap up chapter that will reiterate all the best practices identified though out the book.  Best practices will be grouped by chapter giving the reader a quick link back to where the best practice was introduced so they can quickly get more context.

Notă biografică

Nick Harrisonis a software developer with Vertical Alliance Group, a consultancy in Columbia, South Carolina, USA. He has more than 20 years of experience developing software, starting with Unix system programming and ultimately progressing to .NET. He has expertise in full life cycle development, from initial inception through post-deployment support and has worked on many projects, including a full-featured loan origination system for a prominent mortgage lender and rapid prototypes for small startups. Nick has strategic experience resolving problems identified with data access logic and other performance bottlenecks. He is often found presenting at user group meetings and is the author of many articles and books on a wide range of technical topics, including MVC, T4, Roslyn, Software Metrics, Design Patterns, Web Design, and more.

Textul de pe ultima copertă

Use the best practices taught in this book to defend your application against future attack patterns. You also will learn about other equally critical means of securing your application, including validation logic, threat modeling, authentication, authorization, and much more.

This book covers the role that .NET developers play when it comes to security. You will learn about cryptography, but that is not the only tool at your disposal. After reading this book you will come away feeling empowered and confident when it comes to taking charge of the application security issues that are in your control.

What You'll Learn:
  • Understand the key concepts of software-based security in the context of application development
  • See how to structure a distributed application inside and outside of the firewall
  • Explore and recognize common attack vectors
  • Gain a thorough understanding of validations
  • Work through various examples of software security with a sense of humor 
  • Embrace the power you have as a developer
  • Know the risks in order to ensure that development efforts work to mitigate the risks
This book is for .NET developers, especially those who are developing applications that are visible on the Internet.

Nick Harrison is a software developer with Vertical Alliance Group with more than 20 years of experience developing software, starting with Unix system programming and ultimately progressing to .NET. He has expertise in full life cycle development, from initial inception through post-deployment support. He is often found presenting at user group meetings and is the author of many articles and books on a wide range of technical topics, including MVC, T4, Roslyn, Software Metrics, Design Patterns, Web Design, and more.

Caracteristici

Teaches best practices for secure programming   
Presents real-world scenarios to illustrate and illuminate each concept
Shows you how to take charge of application security issues that are in your control