Developing More-Secure Microsoft® ASP.NET 2.0 Applications (Pro-Developer) [Paperback]

Dominick Baier (Author)

Book Description

Series: Pro-Developer | Publication Date: October 25, 2006

Build your expertise for developing more-secure applications with ASP.NET 2.0. A leading security expert delivers best practices, pragmatic instruction, and extensive code samples in Microsoft Visual C# to help you develop Web applications that are more robust, more reliable, and more resistant to attack.

Discover how to:

• Harden a Web server, operating system, communication protocol, and ASP.NET Validate input data with white listing, regular expressions, sandboxing, and other techniques
• Understand design and security implications of various cryptography approaches
• Integrate with Microsoft Windows security features such as impersonation, delegation and protocol transition
• Implement Web farm, single sign-on, and mixed-mode authentication
• Use provider-based features for user and role management and authentication
• Trace attacks with error-handling, logging, and instrumentation
• Lock down your application with partial trust

PLUS—Get code samples on the Web

Editorial Reviews

From the Publisher

Key Book Benefits:

- Delivers practical, hands-on guidance about Web security and ASP.NET 2.0 development - Features best practices from a leading authority and trainer, based on real-world experience - Provides extensive code examples in C#

About the Author

Dominick Baier splits his time between being an independent security consultant and an instructor for DevelopMentor - teaching and authoring the ASP.NET and the .NET security curriculum. He has a degree in computer science (German Diplom Ingenieur), is a certified BS7799/ISO17799 Lead Auditor and speaks at various conferences (WinDev, DevWeek, ADC) about application security. When not teaching he spends his time researching security, doing audits and penetration tests and helps other developers around the world to build more secure applications. Dominick maintains a security blog at http://www.leastprivilege.com.

Product Details

• Paperback: 480 pages
• Publisher: Microsoft Press (October 25, 2006)
• Language: English
• ISBN-10: 0735623317
• ISBN-13: 978-0735623316
• Product Dimensions: 9 x 7.4 x 1.2 inches
• Shipping Weight: 2.1 pounds
• Average Customer Review: 5.0 out of 5 stars  See all reviews (5 customer reviews)
• Amazon Best Sellers Rank: #1,186,317 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

1 of 1 people found the following review helpful:

5.0 out of 5 stars Does the job, November 22, 2008

By 

David J. Graper (Albany, NY) - See all my reviews
(REAL NAME)   

This review is from: Developing More-Secure Microsoft® ASP.NET 2.0 Applications (Pro-Developer) (Paperback)

I needed to get Kerberos authentication working between a web service on one IIS server, a windows service on another server, and SQL server running on a third server and was running into the Windows NT authentication "double hop" problem. I struggled for days reading various web sources trying to make heads or tails of how to do it with no success until I found it here using the "Look Inside" feature here on Amazon. This tells you how to do it, point by point, in surprisingly clear writing.

I immediately bought the book and have been grinding my way through it ever since. It's about security so it's not that fun (who wouldn't rather be learning about Ajax, SilverLight, or anything else that will wow the people at work) but it's surprisingly palatable for developers like me (and most developers I've ever met) who think of security issues as the equivalent of cod liver oil.

1 of 1 people found the following review helpful:

5.0 out of 5 stars Excellent book for learning the security related aspects of ASP.NET 2.0, March 17, 2008

By 

PC (Seattle, WA) - See all my reviews

This review is from: Developing More-Secure Microsoft® ASP.NET 2.0 Applications (Pro-Developer) (Paperback)

I am an ASP.NET newbie and found this book very helpful in understanding authentication, authorization, role based security, input validation etc. I am a desktop developer and found the web development model difficult to understand initially but this book cleared up my mind in the security related parts. The book is written in a very clear and concise manner and uses diagrams to explain concepts which which I found very helpful. There are practical advices sprinkled all over the book along with the "why" of it.
In short, this is a very well written book which improved my asp.net knowledge and skills considerably. Highly recommended.

3 of 4 people found the following review helpful:

5.0 out of 5 stars Highly Recommended, September 6, 2007

By 

Miggety (Los Angeles, CA) - See all my reviews

This review is from: Developing More-Secure Microsoft® ASP.NET 2.0 Applications (Pro-Developer) (Paperback)

I really wish I could give this book 6 stars, it has been an indespensable resource for learning techniques to develop more secure applications. With so many dangers lurking out there it is increasingly important to not only be able to develop secure applications but to understand the .net security mechanisms as well. This book will leave no questions unanswered, if for no other reason purchase this book for chapter 8 on partial trust, I have not come across any resource that covered this topic so thoroughly. It's treatment of sandboxing and code partitioning alone make the book worth every penny paid. If your looking to continually improve the quality of your code and sites don't leave this book off your list.