Rating:
Author: Barry Dorrans
ISBN : B003JTHYX0
New from $25.99
Format: PDF
Direct download links available Free Beginning ASP.NET Security for everyone book 4shared, mediafire, hotfile, and mirror link
Programmers: protect and defend your Web apps against attack!You may know ASP.NET, but if you don't understand how to secure your applications, you need this book. This vital guide explores the often-overlooked topic of teaching programmers how to design ASP.NET Web applications so as to prevent online thefts and security breaches.
You'll start with a thorough look at ASP.NET 3.5 basics and see happens when you don't implement security, including some amazing examples. The book then delves into the development of a Web application, walking you through the vulnerable points at every phase. Learn to factor security in from the ground up, discover a wealth of tips and industry best practices, and explore code libraries and more resources provided by Microsoft and others.
- Shows you step by step how to implement the very latest security techniques
- Reveals the secrets of secret-keeping—encryption, hashing, and not leaking information to begin with
- Delves into authentication, authorizing, and securing sessions
- Explains how to secure Web servers and Web services, including WCF and ASMX
- Walks you through threat modeling, so you can anticipate problems
- Offers best practices, techniques, and industry trends you can put to use right away
Defend and secure your ASP.NET 3.5 framework Web sites with this must-have guide.Direct download links available for Free Beginning ASP.NET Security (Wrox Programmer to Programmer) [Kindle Edition]
- File Size: 3445 KB
- Print Length: 436 pages
- Publisher: Wrox; 1 edition (April 20, 2010)
- Sold by: Amazon Digital Services, Inc.
- Language: English
- ASIN: B003JTHYX0
- Text-to-Speech: Enabled
X-Ray:
- Lending: Enabled
- Amazon Best Sellers Rank: #652,615 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
Free Beginning ASP.NET Security
Beginning ASP.net security begins by introducing the reader to security principals such as defence in depth, never trusting user input etc. The author then ensures the reader understands how the web and ASP.net function by providing an overview of HTTP & ASP.net processing of events, form submissions and Viewstate- all essential concepts to understand the security issues surrounding ASP.net applications.
The book is divided into 16 easy to read chapters. Chapters contain small snippets of code and demonstrate various security issues ensuring the reader understands the problem being discussed. Detailed advice is then given and solutions provided to fix the various issues.
Issues are supplemented with real world examples and the author's own experience (I chuckled at the index server example) and help provide some colour to what can be a difficult topic to keep interesting.
The book covers all major web based security issues such as XSS, XSRF, Sql Injection and also related topics such as securing IIS and issues surrounding the file system. Important concepts such as encryption, hashing and certificates are also covered in depth. The final chapters cover advanced topics such as CAS, Securing IIS and third party authentication solutions.
So what could be better? very little the book is clear, easy to read and contains concise examples. I would have perhaps liked to see an example of implementing a custom membership provider and a bit more on client side scripting/ajax related issues but the book does a great job covering the major areas and pointing the reader towards further resources.
I liked that the book provides recipes for dealing with complex problems such as implementing certificate based authentication and implementing Open ID.
Title of Barry Dorrans' book "Beginning ASP.NET Security" is not quite inline with the contents of the book I would think. I would at least make the title 'Intermediate'. Because you may see some eyes roll, when you see "Beginner's..." in the title. However given that securing applications is a journey, rather than the destination, maybe he has a valid point.
Mr. Dorrans does a very thorough job covering many and various aspects of web security. First chapter opens up with a defaced web site and a list "do's", such as never trusting input, failing gracefully (not giving any useful information such as stacktrace), watching and logging actions, and using the least privilege principles while running the applications. Lot of times, I hear "we use SSL, we are secure". Such naive developer should really consider reading this book.
Chapter 2 explains how the web works, and this is totally beginner's chapter, but still a great refresher. Introduces Fiddler2, Tracing in asp.net, the ASP.NET pipeline and web forms. Chapter 3 is about user input. I have read the book "Writing Secure Code" and very glad to see Mr. Dorrans's referencing of this book in the second paragraph. Goes on to introduce cross-site scripting attack and protection of cookies, the out-of-the box Validation controls which classic ASP.NET offers.
Chapter 4 extends the user input validation in forms of query strings, form fields, events and such, and the main take away is the CSRF (Cross-site request forgery) attack. Enjoyed reading the section of writing an HTTP module to protect against CSRF attacks which is a few pages long. Chapter 5 dives into ViewState, validating it, encrypting it.