With the spread of web-enabled desktop clients and
web-server based applications, developers can no longer
afford to treat security as an afterthought. It's one
topic, in fact, that .NET forces you to address, since
Microsoft has placed security-related features at the core
of the .NET Framework. Yet, because a developer's
carelessness or lack of experience can still allow a
program to be used in an unintended way, Programming .NET
Security shows you how the various tools will help you
write secure applications.
The book works as both a comprehensive tutorial and
reference to security issues for .NET application
development, and contains numerous practical examples in
both the C# and VB.NET languages. With Programming .NET
Security, you will learn to apply sound security principles
to your application designs, and to understand the concepts
of identity, authentication and authorization and how they
apply to .NET security. This guide also teaches you to:
- use the .NET run-time security features and .NET
security namespaces and types to implement best-practices
in your applications, including evidence, permissions, code
identity and security policy, and role based and Code
Access Security (CAS) use the .NET cryptographic APIs ,
from hashing and common encryption algorithms to digital
signatures and cryptographic keys, to protect your
data.
- use COM+ component services in a secure manner
If you program with ASP.NET will also learn how to apply
security to your applications. And the book also shows you
how to use the Windows Event Log Service to audit Windows
security violations that may be a threat to your
solution.
Authors Adam Freeman and Allen Jones, early .NET
adopters and long-time proponents of an "end-to-end"
security model, based this book on their years of
experience in applying security policies and developing
products for NASDAQ, Sun Microsystems, Netscape, Microsoft,
and others. With the .NET platform placing security at
center stage, the better informed you are, the more secure
your project will be.
Contents include:
- Programming, system administration, networking, and
user commands with complete lists of options
- GRUB, LILO, and Loadlin bootloaders
- Shell syntax and variables for the bash, csh, and tcsh
shells
- Pattern matching
- Emacs, vi, and vim editing commands
- sed and gawk commands
- The GNOME and KDE desktops and the fvwm2 window
manager
- Red Hat and Debian package managers
Contents
- Fundamentals
- Security Fundamentals
- Assemblies
- Application Domains
- The Lifetime of a Secure Application
- .NET Security
- Introduction to Runtime Security
- Evidence and Code Identity
- Permissions
- Security Policy
- Administering Code-Access Security
- Role-Based Security
- Isolated Storage
- .NET Cryptography
- Introduction to Cryptography
- Hashing Algorithms
- Symmetric Encryption
- Asymmetric Encryption
- Digital Signatures
- Cryptographic Keys
- .NET Application Frameworks
- ASP.NET Application Security
- COM+ Security
- The Event Log Service
- API Quick Reference
- How to Use This Quick Reference
- Converting from C# to VB Syntax
- The System.Security Namespace
- The System.Security.Cryptography Namespace
- The System.Security.Cryptography.X509Certificates
Namespace
- The System.Security.Cryptography.Xml Namespace
- The System.Security.Permissions Namespace
- The System.Security.Policy Namespace
- The System.Security.Principal Namespace