Suresh Behera

Security and Microsoft .Net Technologies

Security Question List: Managed Code (.NET Framework 2.0)
How to Use This Module
What's New in 2.0
SQL Injection
Cross-Site Scripting
Input/Data Validation
Code Access Security
Exception Management
Impersonation
Sensitive Data
Cryptography
Unsafe Code
Potentially Dangerous Unmanaged APIs
Auditing and Logging
Multi-threadingAdditional Resources

Security Question List: ASP.NET 2.0
What's New in 2.0
SQL Injection
Cross-Site Scripting
Input/Data Validation
Authentication
Forms Authentication
Authorization
Code Access Security
Exception Management
Impersonation
Data Access
Sensitive Data
Cryptography
Unsafe Code
Potentially Dangerous Unmanaged APIs
Auditing and Logging
Additional Resources

ASP.NET 1.1

• How To: Create a Custom Account to Run ASP.NET
• How To: Create a DPAPI Library
• How To: Create an Encryption Library
• How To: Create GenericPrincipal Objects with Forms Authentication
• How To: Implement IPrincipal
• How To: Implement Kerberos Delegation for Windows 2000
• How To: Prevent Cross-Site Scripting in ASP.NET
• How To: Protect From Injection Attacks in ASP.NET
• How To: Set Up SSL on a Web Server
• How To: Set Up Client Certificates
• How To: Store an Encrypted Connection String in the Registry
• How To: Use DPAPI (Machine Store) from ASP.NET
• How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services
• How To: Use Forms Authentication with Active Directory
• How To: Use Forms Authentication with SQL Server 2000
• How To: Use the Network Service Account to Access Resources in ASP.NET
• How To: Use Regular Expressions to Constrain Input in ASP.NET
• How To: Use Role-based Security with Enterprise Services

ASP.NET 2.0

• How To: Configure the Machine Key in ASP.NET 2.0
• How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0
• How To: Connect to SQL Server Using Windows Authentication in ASP.NET 2.0
• How To: Create a Service Account for an ASP.NET 2.0 Application
• How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
• How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
• How To: Instrument ASP.NET 2.0 Applications for Security
• How To: Improve Security When Hosting Multiple Applications in ASP.NET 2.0
• How To: Perform a Security Deployment Review for ASP.NET 2.0
• How To: Prevent Cross-Site Scripting in ASP.NET
• How To: Protect Forms Authentication in ASP.NET 2.0
• How To: Protect From Injection Attacks in ASP.NET
• How To: Protect From SQL Injection in ASP.NET
• How To: Use ADAM for Roles in ASP.NET 2.0
• How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
• How To: Use Code Access Security in ASP.NET 2.0
• How To: Use Forms Authentication with Active Directory in ASP.NET 2.0
• How To: Use Forms Authentication with Active Directory in Multiple Domains in ASP.NET 2.0
• How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
• How To: Use Health Monitoring in ASP.NET 2.0
• How To: Use Impersonation and Delegation in ASP.NET 2.0
• How To: Use Medium Trust in ASP.NET 2.0
• How To: Use Membership in ASP.NET 2.0
• How To: Use the Network Service Account to Access Resources in ASP.NET
• How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0
• How To: Use Regular Expressions to Constrain Input in ASP.NET
• How To: Use Role Manager in ASP.NET 2.0
• How To: Use Windows Authentication in ASP.NET 2.0

Authentication and Authorization

• How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0
• How To: Connect to SQL Server Using Windows Authentication in ASP.NET 2.0
• How To: Create GenericPrincipal Objects with Forms Authentication
• How To: Protect Forms Authentication in ASP.NET 2.0
• How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
• How To: Use Forms Authentication with Active Directory
• How To: Use Forms Authentication with Active Directory in ASP.NET 2.0
• How To: Use Forms Authentication with Active Directory in Multiple Domains in ASP.NET 2.0
• How To: Use Forms Authentication with SQL Server 2000
• How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
• How To: Use Windows Authentication in ASP.NET 2.0

Code Access Security

• How To: Create a Custom Encryption Permission
• How To: Use Code Access Security in ASP.NET 2.0
• How To: Use Code Access Security Policy to Constrain an Assembly

Code Review

• How To: Perform a Security Code Review for Managed Code (Baseline Activity)

Communications Security

• How To: Call a Web Service Using Client Certificates from ASP.NET
• How To: Call a Web Service Using SSL
• How To: Set Up SSL on a Web Server
• How To: Set Up Client Certificates
• How To: Use IPSec for Filtering Ports and Authentication
• How To: Use IPSec to Provide Secure Communication Between Two Servers
• How To: Use SSL to Secure Communication with SQL Server 2000

Configuration

• How To: Create a Custom Account To Run ASP.NET
• How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
• How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA

Cryptography

• How To: Create a DPAPI Library
• How To: Create an Encryption Library
• How To: Store an Encrypted Connection String in the Registry
• How To: Use DPAPI (Machine Store) from ASP.NET
• How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services

Deployment Review

• How To: Perform a Security Deployment Review for ASP.NET 2.0

Enterprise Services (.NET Framework 1.1)

• How To: Use Role-based Security with Enterprise Services

Impersonation and Delegation

• How To: Implement Kerberos Delegation for Windows 2000
• How To: Use Impersonation and Delegation in ASP.NET 2.0

Input and Data Validation

• How To: Prevent Cross-Site Scripting in ASP.NET
• How To: Protect From Injection Attacks in ASP.NET
• How To: Protect From SQL Injection in ASP.NET
• How To: Use Regular Expressions to Constrain Input in ASP.NET

Patching and Updating

• How To: Secure Your Developer Workstation
• How To: Implement Patch Management

SQL Server 2000

• How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0
• How To: Connect to SQL Server Using Windows Authentication in ASP.NET 2.0
• How To: Protect From SQL Injection in ASP.NET
• How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
• How To: Use SSL to Secure Communication with SQL Server 2000

Threat Modeling

• How To: Create a Threat Model for a Web Application at Design Time

Web Services (.NET Framework 1.1)

• How To: Call a Web Service Using Client Certificates from ASP.NET
• How To: Call a Web Service Using SSL

A Through Z

• How To: Call a Web Service Using Client Certificates from ASP.NET
• How To: Call a Web Service Using SSL
• How To: Create a Custom Account to Run ASP.NET
• How To: Create a Custom Encryption Permission
• How To: Create a DPAPI Library
• How To: Create an Encryption Library
• How To: Create GenericPrincipal Objects with Forms Authentication
• How To: Configure the Machine Key in ASP.NET 2.0
• How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0
• How To: Connect to SQL Server Using Windows Authentication in ASP.NET 2.0
• How To: Create a Service Account for an ASP.NET 2.0 Application
• How To: Create a Threat Model for a Web Application at Design Time
• How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
• How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
• How To: Harden the TCP/IP Stack
• How To: Host a Remote Object in a Windows Service
• How To: Implement IPrincipal
• How To: Implement Kerberos Delegation for Windows 2000
• How To: Implement Patch Management
• How To: Improve Security When Hosting Multiple Applications in ASP.NET 2.0
• How To: Instrument ASP.NET 2.0 Applications for Security
• How To: Perform a Security Code Review for Managed Code (Baseline Activity)
• How To: Perform a Security Deployment Review for ASP.NET 2.0
• How To: Prevent Cross-Site Scripting in ASP.NET
• How To: Protect Forms Authentication in ASP.NET 2.0
• How To: Protect From Injection Attacks in ASP.NET
• How To: Protect From SQL Injection in ASP.NET
• How To: Secure Your Developer Workstation
• How To: Set Up SSL on a Web Server
• How To: Set Up Client Certificates
• How To: Store an Encrypted Connection String in the Registry
• How To: Use ADAM for Roles in ASP.NET 2.0
• How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
• How To: Use Code Access Security in ASP.NET 2.0
• How To: Use Code Access Security Policy to Constrain an Assembly
• How To: Use DPAPI (Machine Store) from ASP.NET
• How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services
• How To: Use Forms Authentication with Active Directory
• How To: Use Forms Authentication with Active Directory in ASP.NET 2.0
• How To: Use Forms Authentication with Active Directory in Multiple Domains in ASP.NET 2.0
• How To: Use Forms Authentication with SQL Server 2000
• How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
• How To: Use Health Monitoring in ASP.NET 2.0
• How To: Use IISLockdown.exe
• How To: Use Impersonation and Delegation in ASP.NET 2.0
• How To: Use IPSec for Filtering Ports and Authentication
• How To: Use IPSec to Provide Secure Communication Between Two Servers
• How To: Use Medium Trust in ASP.NET 2.0
• How To: Use Membership in ASP.NET 2.0
• How To: Use the Microsoft Security Baseline Analyzer
• How To: Use the Network Service Account to Access Resources in ASP.NET
• How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0
• How To: Use Regular Expressions to Constrain Input in ASP.NET
• How To: Use Role-based Security with Enterprise Services
• How To: Use Role Manager in ASP.NET 2.0
• How To: Use SSL to Secure Communication with SQL Server 2000
• How To: Use URLScan
• How To: Use Windows Authentication in ASP.NET 2.0

Suresh Behera