Security for Microsoft Visual Basic .NET
Chapter 1: Encryption
- Figure 1-1: Encrypting and decrypting a secret message
- Figure 1-2: SHA-1 hash digests
- Figure 1-3: Private key encryption
- Figure 1-4: Public key encryption and decryption
Chapter 2: Role-Based Authorization
- Figure 2-1: Employees and roles
- Figure 2-2: Buttons are hidden based on roles
- Figure 2-3: Jane’s permissions
Chapter 3: Code-Access Security
- Figure 3-1: An attempt to perform an action must pass through several security checks
- Figure 3-2: Standard symbols representing each zone
- Figure 3-3: The Opening Mail Attachment warning dialog box
Chapter 4: ASP.NET Authentication
- Figure 4-1: Forms authentication
Chapter 5: Securing Web Applications
- Figure 5-1: 13 hops to Yahoo
- Figure 5-2: Intercepting TCP/IP packets
- Figure 5-3: Trusted certificate authorities in Internet Explorer
Chapter 6: Application Attacks and How to Avoid Them
- Figure 6-1: The user name and password fields injected by the attacker’s user name
Chapter 7: Validating Input
- Figure 7-1: The error displayed by the RegularExpressionValidator control
Chapter 8: Handling Exceptions
- Figure 8-1: View the event log on a user’s computer
Chapter 9: Testing for Attack-Resistant Code
- Figure 9-1: An attacker’s blueprint of your application
- Figure 9-2: The sample test page to be viewed by WebTester
- Figure 9-3: Five steps to get a hacker’s view of your Web page
- Figure 9-4: A hacker’s view of your ASP.NET-generated Web page
Chapter 10: Securing Your Application for Deployment
- Figure 10-1: Elements of an X.509 certificate
Chapter 11: Locking Down Windows, Internet Information Services, and .NET
- Figure 11-1: The Microsoft Baseline Security Analyzer
- Figure 11-2: The IIS Lockdown tool
Chapter 12: Securing Databases
- Figure 12-1: Results of three identifier methods
- Figure 12-2: Adding a user to a database
- Figure 12-3: Securing VBA code in a Microsoft Access database
- Figure 12-4: Turn on auditing in SQL Server Enterprise Manager
Chapter 13: Ten Steps to Designing a Secure Enterprise System
- Figure 13-1: Secure Web application architecture 1
- Figure 13-2: Secure Web application architecture 2
- Figure 13-3: Secure intranet Web architecture
- Figure 13-4: Secure client-server architecture
- Figure 13-5: What is the right decision?
- Figure 13-6: Give the user a chance to back out
Chapter 15: Threat Analysis Exercise
- Figure 15-1: Employee management system Web design diagram for user logon scenario
Chapter 16: Future Trends
- Figure 16-1: Press the button to flood the town below
Appendix A: Guide to the Code Samples
- Figure A-1: The frmLogin form
- Figure A-2: The frmDashboard form
- Figure A-3: The frmMyInfo form
- Figure A-4: The frmAddNew form
- Figure A-5: The frmRemoveUser form
- Figure A-6: The frmManage form
- Figure A-7: The default.aspx Web form
- Figure A-8: The login.aspx Web form
- Figure A-9: Voila! The page finally opens
- Figure A-10: Editing a profile
- Figure A-11: Encryption Demo
- Figure A-12: Changing the Passport environment to pre-production
- Figure A-13: EmployeeDatabase data model