C# Data Security Handbook [Illustrated] [Paperback]

Matthew Macdonald (Author), Eric Johansen (Author)

Book Description

Publication Date: January 2003

This book is aimed at practicing C# developers who are developing distributed applications or who need to store data in a secure manner. This book is aims to take C# developers with little or no knowledge of cryptography to the point where the can confidently implement their own secure applications.

This will cover the basics of using symmetric and asymmetric cryptography in .NET then we'll go on to examine how to make practical use of these technologies in the following areas:

Secure data exchange: securing online communications is vital to modern e-commerce applications, here we'll look at SSL, TLS, Secure remotoing and implementing cryptographic natively in your applications
Secure data storage: this is actually the more challenging, we'll examine how to store data securely in databases and on the NT file system using Widows secure storage API
Data Integrity: Here we examine the role of hash codes and signatures, either as an add-on to encryption, or in cases where data must be verified against changes
Authentication: Digital signatures still leaves a problem, you know that a person with a certain digital signature sent the message, but how do you know whom that person is
Public Key Infrastructure: managing keys is actually one of the most challenging tasks for any secure application, here we'll look at how to minimise this burden

Editorial Reviews

From the Publisher

Put simply "When implementing a cryptographic system do it well or don't bother" cryptography isn't some sort of magic that you that can make an application secure. You have to understand potential vunerablities for each technique if you are to be safe from attackers. While most of cryptographic algorythms implemented in the .NET Framework security namespaces are essentially unbreakable by any reasonable definition. The vast majority of flaws that lead to secret data being revealed to attackers are the results of mistakes in the implementation of applications. It is not enough just to show people how to use the .NET classes we also need to show them how to create solid implementations.

Product Details

• Paperback: 300 pages
• Publisher: Wrox Press (January 2003)
• Language: English
• ISBN-10: 1861008015
• ISBN-13: 978-1861008015
• Product Dimensions: 8.9 x 6 x 1 inches
• Shipping Weight: 1.2 pounds
• Average Customer Review: 4.5 out of 5 stars  See all reviews (4 customer reviews)
• Amazon Best Sellers Rank: #775,696 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

4 of 4 people found the following review helpful:

4.0 out of 5 stars An essential guide to secure .NET applications, March 6, 2003

By 

Rob Harrop (Manchester, United Kingdom) - See all my reviews

This review is from: C# Data Security Handbook (Paperback)

What can I say about this book? To start with I have to give praise to author of the first chapter. As an introduction in various security concepts such as Integrity, Authentication and Authorization, it is so simple that even a manager could understand it, but the wealth of knowledge available means that every developer picking up this book should be reading this chapter in-depth.

Moving on chapters 2, 3 and 4 provide a real insight into how cryptography works within in the .NET framework. These chapters not only present invaluable information on how to use the .NET cryptography classes, but also how they are often misused - practical information for any developer.

The rest of the book is jam packed with valuable information on a whole range of topics from SSL and TLS right through to certificates and CAPICOM.

For anyone developing XML based applications there is an in-depth look at the use of XML Signatures and the various ways it can be applied within an application. If you want to transmit verifiable XML data then this provides a useful insight.

I really liked the list of best and worst practises included in chapter 7, which introduced some long term worth for this title. If you are developing security for an application it is a trivial exercise to check you implementation against the list of best and worst practises.

Perhaps the most standout part of this book is chapter 8 which brings together all of the topics of the book to build a full web service application that simulates a virtual hard drive. This application gives a real-world understanding of how various different security techniques and concepts can be brought together.

What I really liked about this book was that I wasn't a regurgitation of the MSDN documentation. All the information is presented in ways which you can, and probably will, use in day-to-day development.

My only criticism of this book is that I felt that the concept of key stores could have been better explained, much earlier in the book. As it was I had to re-read certain sections to better understand them.

4.0 out of 5 stars An essential guide to secure .NET applications, March 6, 2003

By 

Rob Harrop (Manchester, United Kingdom) - See all my reviews

This review is from: C# Data Security Handbook (Paperback)

What can I say about this book? To start with I have to give praise to author of the first chapter. As an introduction in various security concepts such as Integrity, Authentication and Authorization, it is so simple that even a manager could understand it, but the wealth of knowledge available means that every developer picking up this book should be reading this chapter in-depth.

Moving on chapters 2, 3 and 4 provide a real insight into how cryptography works within in the .NET framework. These chapters not only present invaluable information on how to use the .NET cryptography classes, but also how they are often misused - practical information for any developer.

The rest of the book is jam packed with valuable information on a whole range of topics from SSL and TLS right through to certificates and CAPICOM.

For anyone developing XML based applications there is an in-depth look at the use of XML Signatures and the various ways it can be applied within an application. If you want to transmit verifiable XML data then this provides a useful insight.

I really liked the list of best and worst practises included in chapter 7, which introduced some long term worth for this title. If you are developing security for an application it is a trivial exercise to check you implementation against the list of best and worst practises.

Perhaps the most standout part of this book is chapter 8 which brings together all of the topics of the book to build a full web service application that simulates a virtual hard drive. This application gives a real-world understanding of how various different security techniques and concepts can be brought together.

What I really liked about this book was that I wasn't a regurgitation of the MSDN documentation. All the information is presented in ways which you can, and probably will, use in day-to-day development.

My only criticism of this book is that I felt that the concept of key stores could have been better explained, much earlier in the book. As it was I had to re-read certain sections to better understand them.

0 of 1 people found the following review helpful:

5.0 out of 5 stars Great book, August 27, 2004

By 

Omer Holzinger (Israel) - See all my reviews

This review is from: C# Data Security Handbook (Paperback)

Very very good book about security in the .NET platform.

highly recomanded