Hacking the Code

Auditor's Guide to Writing Secure Code for the Web

Hacker Code will have over 400 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory-based flaws and exploits, HC1 will dive right into deep code analysis. Previously undisclosed security research, combined with superior programming techniques from Foundstone and other respected organizations, will be included in both the Local and Remote Code sections of the book. The book will be accompanied by a FREE COMPANION CD containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book's source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be used to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.

Audience
Security professionals in the technical programming and scripting market. Educational institutions teaching security.

Hardbound, 550 Pages

Published: April 2004

Imprint: Syngress

ISBN: 978-1-932266-65-8

Contents

  • Chapter 1 Managing Users
    Introduction
    Understanding the Threats
    Establishing User Credentials
    Enforcing Strong Passwords
    Avoiding Easily Guessed Credentials
    Preventing Credential Harvesting
    Limiting Idle Accounts
    Managing Passwords
    Storing Passwords
    Password Aging and Histories
    Changing Passwords
    Resetting Lost or Forgotten Passwords
    Resetting Passwords
    Sending Information Via E-Mail
    Assigning Temporary Passwords
    Using Secret Questions
    Empowering Users
    Educating Users
    Involving Users
    Coding Standards Fast Track
    Establishing User Credentials
    Managing Passwords
    Resetting Lost or Forgotten Passwords
    Empowering Users
    Code Audit Fast Track
    Establishing User Credentials
    Managing Passwords
    Resetting Lost or Forgotten Passwords
    Empowering Users
    Frequently Asked Questions

  • Chapter 2 Authenticating and Authorizing Users
    Introduction
    Understanding the Threats
    Authenticating Users
    Building Login Forms
    Using Forms Authentication
    Using Windows Authentication
    Using Passport Authentication
    Blocking Brute-Force Attacks
    Authorizing Users
    Deciding How to Authorize
    Employing File Authorization
    Applying URL Authorization
    Authorizing Users Through Code
    Coding Standards Fast Track
    Authenticating Users
    Authorizing Users
    Code Audit Fast Track
    Authenticating Users
    Authorizing Users
    Frequently Asked Questions

  • Chapter 3 Managing Sessions
    Introduction
    Session Tokens
    Authentication Tokens
    Understanding the Threats
    Maintaining State
    Designing a Secure Token
    Selecting a Token Mechanism
    Using State Providers
    Using ASP.NET Tokens
    Using Cookies
    Working with View State
    Enhancing ASP.NET State Management
    Creating Tokens
    Terminating Sessions
    Coding Standards Fast Track
    Maintaining State
    Using ASP.NET Tokens
    Enhancing ASP.NET State Management
    Code Audit Fast Track
    Maintaining State
    Using ASP.NET Tokens
    Enhancing ASP.NET State Management
    Frequently Asked Questions

  • Chapter 4 Encrypting Private Data
    Introduction
    Using Cryptography in ASP.NET
    Employing Symmetric Cryptography
    Using Asymmetric Cryptography
    Working with Hashing Algorithms
    Working with .NET Encryption Features
    Creating Random Numbers
    Keeping Memory Clean
    Protecting Secrets
    Protecting Communications with SSL
    Coding Standards Fast Track
    Using Cryptography in ASP.NET
    Working with .NET Encryption Features
    Code Audit Fast Track
    Using Cryptography in ASP.NET
    Working with .NET Encryption Features
    Frequently Asked Questions

  • Chapter 5 Filtering User Input
    Introduction
    Handling Malicious Input
    Identifying Input Sources
    Programming Defensively
    Constraining Input
    Bounds Checking
    Pattern Matching
    Data Reflecting
    Encoding Data
    Encapsulating
    Parameterizing
    Double Decoding
    Syntax Checking
    Exception Handling
    Honey Drops
    Limiting Exposure to Malicious Input
    Reducing the Attack Surface
    Limiting Attack Scope
    Hardening Server Applications
    Coding Standards Fast Track
    Handling Malicious Input
    Constraining Input
    Limiting Exposure to Malicious Input
    Code Audit Fast Track
    Handling Malicious Input
    Limiting Exposure to Malicious Input
    Frequently Asked Questions

  • Chapter 6 Accessing Data
    Introduction
    Securing Databases
    Securing the Database Location
    Limiting the Attack Surface
    Ensuring Least Privilege
    Securing the Database
    Writing Secure Data Access Code
    Connecting to the Data Source
    Preventing SQL Injection
    Writing Secure SQL Code
    Reading and Writing to Data Files
    Coding Standards Fast Track
    Securing Database Drivers
    Securing Databases
    Writing Secure Data Access Code
    Code Audit Fast Track
    Securing Database Drivers
    Securing the Database
    Writing Secure Data Access Code
    Frequently Asked Questions

  • Chapter 7 Developing Secure ASP.NET Applications
    Introduction
    Understanding the Threats
    Writing Secure HTML
    Constructing Safe HTML
    Preventing Information Leaks
    Handling Exceptions
    Using Structured Error Handling
    Reporting and Logging Errors
    Coding Standards Fast Track
    Writing Secure HTML
    Handling Exceptions
    Code Audit Fast Track
    Writing Secure HTML
    Handling Exceptions
    Frequently Asked Questions

  • Chapter 8 Securing XML
    Introduction
    Applying XML Encryption
    Encrypting XML Data
    Applying XML Digital Signatures
    Signing XML Data
    Coding Standards Fast Track
    Applying XML Encryption
    Applying XML Digital Signatures
    Coding Audit Fast Track
    Applying XML Encryption
    Applying XML Digital Signatures
    Frequently Asked Questions

  • Appendix A Understanding .NET Security
    Introduction
    Permissions
    Principal
    Authentication
    Authorization
    Security Policy
    Type Safety
    Code Access Security
    .NET Code Access Security Model
    Role-Based Security
    Principals
    Role-Based Security Checks
    Security Policies
    Creating a New Permission Set
    Modifying the Code Group Structure
    Remoting Security
    Cryptography
    Security Tools
    Summary
    Security Fast Track
    Frequently Asked Questions

  • Appendix B Glossary of Web Application Security Threats

  • Index