HTTP/2 302 server: nginx date: Sat, 02 Aug 2025 03:38:51 GMT content-type: text/plain; charset=utf-8 content-length: 0 x-archive-redirect-reason: found capture at 20101021090909 location: https://web.archive.org/web/20101021090909/https://safari.oreilly.com/9780735623316 server-timing: captures_list;dur=0.509927, exclusion.robots;dur=0.017904, exclusion.robots.policy;dur=0.008490, esindex;dur=0.010010, cdx.remote;dur=6.891109, LoadShardBlock;dur=74.232843, PetaboxLoader3.datanode;dur=69.499264 x-app-server: wwwb-app218 x-ts: 302 x-tr: 106 server-timing: TR;dur=0,Tw;dur=0,Tc;dur=0 set-cookie: wb-p-SERVER=wwwb-app218; path=/ x-location: All x-rl: 0 x-na: 0 x-page-cache: MISS server-timing: MISS x-nid: DigitalOcean referrer-policy: no-referrer-when-downgrade permissions-policy: interest-cohort=() HTTP/2 301 server: nginx date: Sat, 02 Aug 2025 03:38:51 GMT content-length: 0 x-archive-orig-content-length: 0 location: https://web.archive.org/web/20101021090909/https://my.safaribooksonline.com/9780735623316?portal=oreilly x-archive-orig-server: SWS + Microsoft-HTTPAPI/2.0 x-archive-orig-date: Thu, 21 Oct 2010 09:09:09 GMT x-archive-orig-connection: close x-archive-orig-set-cookie: Safari=cookieversion=2&portal=oreilly&key=&sessionid=b4b30841-d299-4326-be31-02fc6773caa6&ref=Undefined&oref=%2f; Path=/; Domain=safari.oreilly.com cache-control: max-age=1800 memento-datetime: Thu, 21 Oct 2010 09:09:09 GMT link: ; rel="original", ; rel="timemap"; type="application/link-format", ; rel="timegate", ; rel="first memento"; datetime="Mon, 25 Jun 2007 12:33:13 GMT", ; rel="prev memento"; datetime="Tue, 05 Jan 2010 17:59:23 GMT", ; rel="memento"; datetime="Thu, 21 Oct 2010 09:09:09 GMT", ; rel="next memento"; datetime="Tue, 21 Dec 2010 04:11:23 GMT", ; rel="last memento"; datetime="Wed, 31 Aug 2011 11:23:44 GMT" content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org wwwb-events.archive.org x-archive-src: 52_18_20101021080749_crawl100-c/52_18_20101021090651_crawl100.arc.gz server-timing: captures_list;dur=0.462063, exclusion.robots;dur=0.017632, exclusion.robots.policy;dur=0.008265, esindex;dur=0.010198, cdx.remote;dur=24.640229, LoadShardBlock;dur=61.660700, PetaboxLoader3.datanode;dur=114.643568, load_resource;dur=143.955072, PetaboxLoader3.resolve;dur=49.924448 x-app-server: wwwb-app218 x-ts: 301 x-tr: 257 server-timing: TR;dur=0,Tw;dur=0,Tc;dur=0 x-location: All x-rl: 0 x-na: 0 x-page-cache: MISS server-timing: MISS x-nid: DigitalOcean referrer-policy: no-referrer-when-downgrade permissions-policy: interest-cohort=() HTTP/2 302 server: nginx date: Sat, 02 Aug 2025 03:38:52 GMT content-type: text/plain; charset=utf-8 content-length: 0 x-archive-redirect-reason: found capture at 20110812052659 location: https://web.archive.org/web/20110812052659/https://my.safaribooksonline.com/9780735623316?portal=oreilly server-timing: captures_list;dur=1.328424, exclusion.robots;dur=0.041043, exclusion.robots.policy;dur=0.018939, esindex;dur=0.018507, cdx.remote;dur=17.924596, LoadShardBlock;dur=149.551628, PetaboxLoader3.datanode;dur=71.910145, PetaboxLoader3.resolve;dur=39.876588 x-app-server: wwwb-app218 x-ts: 302 x-tr: 251 server-timing: TR;dur=0,Tw;dur=0,Tc;dur=0 x-location: All x-rl: 0 x-na: 0 x-page-cache: MISS server-timing: MISS x-nid: DigitalOcean referrer-policy: no-referrer-when-downgrade permissions-policy: interest-cohort=() HTTP/2 200 server: nginx date: Sat, 02 Aug 2025 03:38:53 GMT content-type: text/html; charset=utf-8 x-archive-orig-expires: Mon, 05 Apr 1970 03:12:07 GMT x-archive-orig-server: SWS + Microsoft-HTTPAPI/2.0 x-archive-orig-cache-control: private x-archive-orig-p3p: CP="CAO DSP COR LAW CUR ADMi DEVi PSAi IVAi IVDi CONo HISi TELo OUR IND UNI" x-archive-orig-date: Fri, 12 Aug 2011 05:27:00 GMT x-archive-orig-connection: close x-archive-orig-set-cookie: Safari=cookieversion=2&cookie-monster=false&portal=oreilly&key=&sessionid=c8de8f83-872e-493a-91dd-feac18da5455&ref=Undefined&oref=%2f; Path=/; Domain=my.safaribooksonline.com x-archive-orig-set-cookie: cookie-monster=true; Path=/; Expires=Thu, 12 Aug 2021 05:27:00 GMT x-archive-guessed-content-type: text/html x-archive-guessed-charset: utf-8 memento-datetime: Fri, 12 Aug 2011 05:26:59 GMT link: ; rel="original", ; rel="timemap"; type="application/link-format", ; rel="timegate", ; rel="first memento"; datetime="Fri, 12 Aug 2011 05:26:59 GMT", ; rel="memento"; datetime="Fri, 12 Aug 2011 05:26:59 GMT", ; rel="last memento"; datetime="Fri, 12 Aug 2011 05:26:59 GMT" content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org wwwb-events.archive.org x-archive-src: WIDE-20110812050836-crawl416/WIDE-20110812051908-00229.warc.gz server-timing: captures_list;dur=0.712525, exclusion.robots;dur=0.024103, exclusion.robots.policy;dur=0.011280, esindex;dur=0.012457, cdx.remote;dur=28.059889, LoadShardBlock;dur=239.041194, PetaboxLoader3.datanode;dur=109.249173, PetaboxLoader3.resolve;dur=1267.130304, load_resource;dur=1169.596901 x-app-server: wwwb-app218 x-ts: 200 x-tr: 1554 server-timing: TR;dur=0,Tw;dur=0,Tc;dur=0 x-location: All x-rl: 0 x-na: 0 x-page-cache: MISS server-timing: MISS x-nid: DigitalOcean referrer-policy: no-referrer-when-downgrade permissions-policy: interest-cohort=() content-encoding: gzip

Content Tabs

• Home
• Subscribe
• Free Trial

• Category Map
• My Quick Links
  • Books
  • Video
  • Rough Cuts
  • Short Cuts
  • Tools

Search:criteria:Entire SiteBook/Video TitlesShort CutsRough Cuts

Sign In

• Developing More-Secure Microsoft® ASP.NET 2.0 Applications

• By: Dominick Baier

• Publisher: Microsoft Press

• Pub. Date: September 27, 2006

• Print ISBN-13: 978-0-7356-2331-6

• Print ISBN-10: 0-7356-2331-7

• Pages in Print Edition: 480

• Amazon.com® Reviews

• Subscriber Rating: [0 Ratings]

• Overview
• Table of Contents
• Extras
• Search This Book
• Help

Amazon.com Reader Reviews • Subscriber Reviews • Browse Similar Topics

Overview

Other Readers Also Read...

Building Secure Microsoft® ASP.NET Applications
by Microsoft Corporation

Hunting Security Bugs
by Tom Gallagher; Bryan Jeffries; Lawrence Landauer

Microsoft® .NET: Architecting Applications for the Enterprise
by Dino Esposito; Andrea Saltarello

Top Sellers in this Category

Windows 7: The Missing Manual
by David Pogue

Excel® 2010 Bible
by John Walkenbach

Pro C# 2010 and the .NET 4 Platform
by Andrew Troelsen

Pro ASP.NET MVC 3 Framework, Third Edition
by Adam Freeman; Steven Sanderson

MCTS Self-Paced Training Kit (Exam 70-516): Accessing Data with Microsoft® .NET Framework 4
by Glenn Johnson

Get hands-on, expert guidance for developing more secure Web applications with ASP.NET 2.0. This reference offers best practices and practical instruction with code samples in C# to help build applications that are more resistant to vulnerabilities.

Subscriber Reviews

Average Rating:  Based on 0 Ratings

No Subscribers have provided a review for this book.

Browse Similar Topics

Top Level Categories:
Information Technology & Software Development
Product
Vendor

Sub-Categories:
Information Technology & Software Development > Web Development
Web Development > Microsoft ASP.NET
Product > Microsoft .NET
Vendor > Microsoft

Some information on this page was provided using data from Amazon.com®. View at Amazon >

Table of Contents

 

Copyright

Foreword

Acknowledgements

Introduction

Download Chapter
1 TokenChapter 1. Web Application Security

OWASP Top 10

General Principles to Live By

Summary

Download Chapter
1 TokenChapter 2. ASP.NET 2.0 Architecture

Understanding Hosting

Understanding the Pipeline

Compiling ASP.NET Pages

Summary

Download Chapter
1 TokenChapter 3. Input Validation

What Is Input?

The Need for Input Validation

Input Validation Techniques

Mitigation Techniques

Validation in ASP.NET Applications

Summary

Chapter 4. Storing Secrets

Identifying Attacks and Attackers

Cryptography to the Rescue?

Hashing Data

Storing Passwords

Encrypting Data

Using the Windows Data Protection API

Protecting Configuration Data

Protecting ViewState

Summary

Download Chapter
1 TokenChapter 5. Authentication and Authorization

Fundamentals

Using Windows Accounts

Using Custom Accounts

Hybrid Approaches

Summary

Download Chapter
1 TokenChapter 6. Security Provider and Controls

Understanding the Membership Feature

Understanding Role Manager

Using SiteMap for Navigation

Building Features and Providers

Guidelines

Summary

Download Chapter
1 TokenChapter 7. Logging and Instrumentation

Handling Errors

Logging and Instrumentation

Health Monitoring Framework

Summary

Download Chapter
1 TokenChapter 8. Partial Trust ASP.NET

Why Partial Trust?

Configuring Partial Trust

Understanding Policy Files

Customizing Policy Files

Partitioning Code

Creating Custom Permissions

Making Sense of SecurityException

Locking Down Configuration

Summary

Download Chapter
1 TokenChapter 9. Deployment and Configuration

General Guidelines

Operating System Hardening

Database Server Hardening

Web Server Hardening

ASP.NET Hardening

Summary

Download Chapter
1 TokenChapter 10. Tools and Resources

Types of Tools

Deciding Which Tools Are Right for You

Browser Proxies and HTTP Protocol Fuzzers

Black Box Scanners

Configuration Analysis

Source Code Analyzers

Miscellaneous Tools

Binary Analysis

Database Scanners

Blogs

Summary

Download Chapter
1 TokenAppendix A. Building a Custom Protected Configuration Provider

Summary

Download Chapter
1 TokenAppendix B. Session State

How Does It Work?

Session Stores

Security Considerations

Summary

Download Chapter
1 TokenAppendix C. Compartmentalizing ASP.NET Applications

Building the Server

Building the Client

Building a Partially Trusted Client

Summary

Download Chapter
1 TokenAppendix D. Secure Web Services

Scenarios

Secure Communications and Server Authentication

Client Authentication

Summary

Download Chapter
1 TokenAppendix E. Unit Testing Web Applications Using Visual Studio Team Edition

Test-Driven Development

Running the Test

Testing Existing Code

Test Lists and Test Run Configuration

Setting Up the Right Environment for Tests

Testing Private Methods

Expected Errors

Data-Driven Testing

Management of the Data Used for Data-Driven Testing

Testing Web Services Code

Running Tests Inside ASP.NET

Summary

Download Chapter
1 TokenAbout the Author

Index

Extras

The publisher has provided additional content related to this title.

Description	Content
Visit the catalog page for Developing More-Secure Microsoft® ASP.NET 2.0 Applications	Catalog Page
Visit the errata page for Developing More-Secure Microsoft® ASP.NET 2.0 Applications	Errata

---

About Safari Books Online • Terms of Service • Gift Subscriptions • Privacy Policy • Contact Us • Corporate Licenses • Help • Accessibility |

Copyright 2011Safari Books Online. All rights reserved.