Hacker Code will have over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory-based flaws and exploits, HC1 will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques from Foundstone and other respected organizations will be included in both the Local and Remote Code sections of the book.
The book will be accompanied by a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software. Learn to quickly create security tools that ease the burden of software testing and network administration.
1: Managing Users
2: Authenticating and Authorizing Users
3: Managing Sessions
4: Encrypting Private Data
5: Filtering User Input
6: Accessing Data
7: Developing Secure ASP.NET Applications
8: Securing XML
Appendix A: Understanding .NET Security
Appendix B: Glossary of Web Application Security Threats
Posted October 3, 2004
This is a great book with a lot of really good ideas on improving ASP.NET applications and ASP.NET security. The book is organized into "ideas" which can help secure an ASP.NET (or really any) application. Beneath each idea is a list of what type of threats the specific idea mitigates, followed by the actual ASP.NET implementation. One thing I really liked about this book is that it's presented in a way which helps illustrate how hackers could infiltrate your web applications. I found this to be very effective in driving home a security lesson. The book is organized into ten different sections on aspects of ASP.NET security, which range from user management (which includes how to handle user names, passwords, and the like) to developing applications with security in mind (which includes issues like cross-site scripting attacks and error logging). Many sites with user management features provide a "Secret Question", which is used in case you forget your password. The secret questions often include questions like "What is the name of your favorite pet?" or "What city were you born in?". The book goes on to show that the secret question concept goes against everything security experts have been saying by demonstrating how hackers can use brute-force attacks along with educated guesses to gain unauthorized access. This book even discussed connection string issues and encryption in config files, which is an issue I am currently struggling with. Code examples are provided for all of the ideas presented, which are generally quite clever in and of themselves. If you are serious about improving the security in your ASP.NET applications, then do yourself a favor and read this book. I think you will find it was time well-spent.