Hacking the Code: ASP.NET Web Application Security
Mark M. Burnett, James C. Foster
Syngress, Paperback, Published April 2004, 472 pages, ISBN 1932266658

Are Your Web Applications Really Secure?
This unique book walks you through the many threats to your web application code, from managing and authorizing users and encrypting private data to filtering user input and securing XML. For every defined threat, it provides a menu of solutions and coding considerations. And, it offers coding examples and a set of security policies for each of the corresponding threats.

Know the threats to your applications:

  • Develop secure password policies and how to securely manage user passwords in your web application.
  • Establish a secure procedure for resetting lost or forgotten passwords and discover how to properly use secret questions in that process.
  • Securely authenticate and authorize users, taking advantage of the advanced capabilities in ASP.NET.
  • Limit exposure to credential harvesting and brute force password attacks.
  • Securely manage user sessions and learn how to create strong user authentication tokens.
  • Work with the built-in state providers and securely implement view state in your forms.
  • Make sense of the extensive encryption features in ASP.NET and employ symmetric and asymmetric encryption for sensitive data.
  • Properly encrypt and store secrets to the registry, a file, or the protected store.
  • Filter user input to prevent SQL injection, directory traversal, cross-site scripting, and other application-level attacks.
  • Apply techniques such as pattern matching and data reflecting to control exposure to malicious input attacks.
  • Configure honey drops to detect attacks on your web application.
  • Configure IIS and ASP.NET to constrain buffer overflow, denial of service, and other attacks.
  • Write secure database access code.
  • Secure databases and database drivers.
  • Construct secure HTML markup to limit exposure to cross-site scripting and cross-site request forgery attacks.
  • Use structured error handling to prevent failure conditions that open holes or reveal sensitive information.
  • Integrate XML encryption and apply XML digital signatures.


Your Solutions Membership Gives You Access to:

  • Comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page
  • "From the Author" Forum where the authors post timely updates and links to related sites
  • The complete code listings from the book
  • These downloadable e-booklets:
    Stealing The Network: How to Own a Continent
    Product of Fate: The Evolution of a Hacker
    Special Ops: Host and Network Security for Microsoft, Unix, and Oracle
    Hacking Custom Web Applications
    CYA: Securing IIS: Configuring Advanced Web Server Security
    IT Ethics Handbook: Programmers and Analysts


Table of Contents

1: Managing Users
2: Authenticating and Authorizing Users
3: Managing Sessions
4: Encrypting Private Data
5: Filtering User Input
6: Accessing Data
7: Developing Secure ASP.NET Applications
8: Securing XML
Appendix A: Understanding .NET Security
Appendix B: Glossary of Web Application Security Threats

About the Authors

Mark Burnett (Microsoft MVP) is an independent security consultant, freelance writer, and a specialist in securing Windows-based IIS Web servers. Mark is co-author of Maximum Windows Security and is a contributor to Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN: 1-931836-66-3). He is a contributor and technical editor for Syngress Publishing's Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle (ISBN: 1-931836-69-8). Mark speaks at various security conferences and has published articles in Windows & .NET, Information Security, Windows Web Solutions, Security Administrator, and is a regular contributor at SecurityFocus.com. Mark also publishes articles on his own Web site, IISSecurity.info.

James C. Foster (Technical Editor) is the Deputy Director, Global Security Development for Computer Sciences Corporation, where he is leading the task of developing and delivering managed, educational, informational, consulting, and outsourcing security services. Prior to joining CSC, Foster was the Director of Research and Development for Foundstone Inc. and was responsible for all aspects of product and corporate R&D, including corporate strategy and international market expansion. Preceding Foundstone, Foster was a Senior Advisor and Research Scientist with Guardent Inc. (acquired by Verisign in 2004 for $135 Million) and an adjunct author at Information Security Magazine (acquired for an undisclosed amount by TechTarget in 2003). He is commonly asked to comment on pertinent security issues and has been cited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. James has co-authored or contributed to Snort 2.0 Intrusion Detection (Syngress, ISBN: 1931836744) and Special Ops: Host and Network Security for Microsoft, Unix, and Oracle (Syngress, ISBN: 1931836698), as well as Hacking Exposed, Fourth Edition, Advanced Intrusion Detection, Anti-Hacker Toolkit Second Edition, and Anti-Spam Toolkit. James has attended Yale, Harvard, and the University of Maryland, holds an AS, BS, and MBA, and is currently a Fellow at the University of Pennsylvania's Wharton School of Business.
