Beginning ASP.NET Security (Wrox Programmer to Programmer) and over 2 million other books are available for Amazon Kindle . Learn more


or
Sign in to turn on 1-Click ordering.
Trade in Yours
For a 3.64 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Sorry, this item is not available in
Image not available for
Colour:
Image not available

 
Start reading Beginning ASP.NET Security (Wrox Programmer to Programmer) on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Beginning ASP.NET Security (Wrox Programmer to Programmer) [Paperback]

Barry Dorrans
5.0 out of 5 stars  See all reviews (1 customer review)
Price: 28.99 & FREE Delivery in the UK. Details
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 1 left in stock (more on the way).
Dispatched from and sold by Amazon. Gift-wrap available.
Want it tomorrow, 2 Aug.? Choose Express delivery at checkout. Details

Formats

Amazon Price New from Used from
Kindle Edition 27.54  
Paperback 28.99  
Trade In this Item for up to 3.64
Trade in Beginning ASP.NET Security (Wrox Programmer to Programmer) for an Amazon Gift Card of up to 3.64, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Learn more

Book Description

22 Jan 2010 0470743654 978-0470743652 1
Programmers: protect and defend your Web apps against attack! You may know ASP.NET, but if you don′t understand how to secure your applications, you need this book. This vital guide explores the often–overlooked topic of teaching programmers how to design ASP.NET Web applications so as to prevent online thefts and security breaches. You′ll start with a thorough look at ASP.NET 3.5 basics and see happens when you don′t implement security, including some amazing examples. The book then delves into the development of a Web application, walking you through the vulnerable points at every phase. Learn to factor security in from the ground up, discover a wealth of tips and industry best practices, and explore code libraries and more resources provided by Microsoft and others. Shows you step by step how to implement the very latest security techniques Reveals the secrets of secret–keeping—encryption, hashing, and not leaking information to begin with Delves into authentication, authorizing, and securing sessions Explains how to secure Web servers and Web services, including WCF and ASMX Walks you through threat modeling, so you can anticipate problems Offers best practices, techniques, and industry trends you can put to use right away Defend and secure your ASP.NET 3.5 framework Web sites with this must–have guide.


Product details

  • Paperback: 436 pages
  • Publisher: John Wiley & Sons; 1 edition (22 Jan 2010)
  • Language: English
  • ISBN-10: 0470743654
  • ISBN-13: 978-0470743652
  • Product Dimensions: 24 x 19 x 2 cm
  • Average Customer Review: 5.0 out of 5 stars  See all reviews (1 customer review)
  • Amazon Bestsellers Rank: 255,741 in Books (See Top 100 in Books)
  • See Complete Table of Contents

More About the Author

Discover books, learn about writers, and more.

Product Description

From the Back Cover

A practical guide to securing ASP.NET sites Beginning ASP.NET Security is for novice to intermediate ASP.NET programmers and provides a step–by–step solution to securing each area of ASP.NET development. Rather than approaching security from a theoretical direction, MVP Barry Dorrans shows you examples of how everyday code can be attacked, and describes the steps necessary for defense. Inside, you’ll learn how you can defend your ASP.NET applications using the .NET framework, industry patterns and best practices, code libraries and resources provided by Microsoft and others. Beginning ASP.NET Security: Explores issues with user input including validation, cross–site scripting (XSS) and cross–site request forgery (CSRF) Teaches how to securely access your database and defend against SQL injection attacks Shares techniques for keeping secrets, including encryption, hashing and preventing information leaks Examines methods for authenticating and authorizing users, including ASP.NET membership providers and preventing cookie theft Shares tips for securing your web server, including how ASP.NET uses trust levels and locking down IIS Unveils ways to securely use WCF web services Presents security with the Microsoft ASP.NET Ajax framework and Silverlight Includes an overview of security with the Microsoft MVC framework Wrox Beginning guides are crafted to make learning programming languages and technologies easier than you think, providing a structured, tutorial format that will guide you through all the techniques involved. Programmer Forums Join our Programmer to Programmer forums to ask and answer programming questions about this book, join discussions on the hottest topics in the industry, and connect with fellow programmers from around the world. Code Downloads Take advantage of free code samples from this book, as well as code samples from hundreds of other books, all ready to use. Read More Find articles, ebooks, sample chapters and tables of contents for hundreds of books, and more reference resources on programming topics that matter to you. wrox.com

About the Author

Barry Dorrans is a consultant, speaker and Microsoft MVP in the "Visual Tools – Security" category. His approach to development and writing blends humor with the paranoia suitable for considering security.

Customer Reviews

4 star
0
3 star
0
2 star
0
1 star
0
5.0 out of 5 stars
5.0 out of 5 stars
Most Helpful Customer Reviews
10 of 10 people found the following review helpful
5.0 out of 5 stars Excellent all round coverage of ASP.net security 28 Feb 2010
Format:Paperback
Beginning ASP.net security begins by introducing the reader to security principals such as defence in depth, never trusting user input etc. The author then ensures the reader understands how the web and ASP.net function by providing an overview of HTTP & ASP.net processing of events, form submissions and Viewstate- all essential concepts to understand the security issues surrounding ASP.net applications.

The book is divided into 16 easy to read chapters. Chapters contain small snippets of code and demonstrate various security issues ensuring the reader understands the problem being discussed. Detailed advice is then given and solutions provided to fix the various issues.

Issues are supplemented with real world examples and the author's own experience (I chuckled at the index server example) and help provide some colour to what can be a difficult topic to keep interesting.
The book covers all major web based security issues such as XSS, XSRF, Sql Injection and also related topics such as securing IIS and issues surrounding the file system. Important concepts such as encryption, hashing and certificates are also covered in depth. The final chapters cover advanced topics such as CAS, Securing IIS and third party authentication solutions.

So what could be better? very little the book is clear, easy to read and contains concise examples. I would have perhaps liked to see an example of implementing a custom membership provider and a bit more on client side scripting/ajax related issues but the book does a great job covering the major areas and pointing the reader towards further resources.

I liked that the book provides recipes for dealing with complex problems such as implementing certificate based authentication and implementing Open ID.
Read more ›
Comment | 
Was this review helpful to you?
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.9 out of 5 stars  7 reviews
6 of 7 people found the following review helpful
5.0 out of 5 stars Excellent all round view of ASP.net security 2 Mar 2010
By A. Mackey - Published on Amazon.com
Format:Paperback
Beginning ASP.net security begins by introducing the reader to security principals such as defence in depth, never trusting user input etc. The author then ensures the reader understands how the web and ASP.net function by providing an overview of HTTP & ASP.net processing of events, form submissions and Viewstate- all essential concepts to understand the security issues surrounding ASP.net applications.

The book is divided into 16 easy to read chapters. Chapters contain small snippets of code and demonstrate various security issues ensuring the reader understands the problem being discussed. Detailed advice is then given and solutions provided to fix the various issues.

Issues are supplemented with real world examples and the author's own experience (I chuckled at the index server example) and help provide some colour to what can be a difficult topic to keep interesting.

The book covers all major web based security issues such as XSS, XSRF, Sql Injection and also related topics such as securing IIS and issues surrounding the file system. Important concepts such as encryption, hashing and certificates are also covered in depth. The final chapters cover advanced topics such as CAS, Securing IIS and third party authentication solutions.

So what could be better? very little the book is clear, easy to read and contains concise examples. I would have perhaps liked to see an example of implementing a custom membership provider and a bit more on client side scripting/ajax related issues but the book does a great job covering the major areas and pointing the reader towards further resources.

I liked that the book provides recipes for dealing with complex problems such as implementing certificate based authentication and implementing Open ID. Several useful tools I wasn't aware of are also referenced.

Before I began reading Barry's book although no security expert I considered that I had a pretty good knowledge of security and was glad to see for the most part the book confirmed my understanding! It always surprises me how many web developers have so little knowledge of basic security concepts and best practice. There is no excuse now and if you have never looked into security this book should be required reading! However don't think that this book has nothing to offer the intermediate/advanced developer as it had many gem's for me (correct implementation of salting passwords, certificates, ViewStateUserKey, WCF security).

This book is a great introduction to security and related concepts and will serve as a useful reference/cook book to more experienced developers.
5 of 6 people found the following review helpful
5.0 out of 5 stars Excellent coverage of Security for ASP.NET 11 July 2010
By Baskin I. Tapkan - Published on Amazon.com
Format:Paperback
Title of Barry Dorrans' book "Beginning ASP.NET Security" is not quite inline with the contents of the book I would think. I would at least make the title 'Intermediate'. Because you may see some eyes roll, when you see "Beginner's..." in the title. However given that securing applications is a journey, rather than the destination, maybe he has a valid point.

Mr. Dorrans does a very thorough job covering many and various aspects of web security. First chapter opens up with a defaced web site and a list "do's", such as never trusting input, failing gracefully (not giving any useful information such as stacktrace), watching and logging actions, and using the least privilege principles while running the applications. Lot of times, I hear "we use SSL, we are secure". Such naive developer should really consider reading this book.

Chapter 2 explains how the web works, and this is totally beginner's chapter, but still a great refresher. Introduces Fiddler2, Tracing in asp.net, the ASP.NET pipeline and web forms. Chapter 3 is about user input. I have read the book "Writing Secure Code" and very glad to see Mr. Dorrans's referencing of this book in the second paragraph. Goes on to introduce cross-site scripting attack and protection of cookies, the out-of-the box Validation controls which classic ASP.NET offers.

Chapter 4 extends the user input validation in forms of query strings, form fields, events and such, and the main take away is the CSRF (Cross-site request forgery) attack. Enjoyed reading the section of writing an HTTP module to protect against CSRF attacks which is a few pages long. Chapter 5 dives into ViewState, validating it, encrypting it. Error handling and logging, exception handling, and WMIare precious gems to take away from this chapter as well.

Chapter 6 is about hashing and encryption. Then goes in depth with salting, storing passwords, types of encyrption which are very inline with the next chapter, about user names and passwords. The authentication and authorization are discussed. Chapter 8 is securing database access, and the well-known SQL-injection attack followed by another chapter on filesystem security. The fileupload control for asp.net is introduced.

Chapter 10 is about XML security, validating, parsing, querying and xpath injection. Really enjoyed the short to the point code snippets in this chapter. Another take away is signing and encrypting an XML document using X509 certificate.

Part III (the remaining chapters) are getting further closer to the metal and relatively new technologies (.NET 3.0 and up). WCF, RIA (Ajax) and CAS are discussed in detail in chapter 11, 12, and 13. I would think in the next release CAS is going to be revised for .NET 4. Chapter 14 is about IIS security, logging etc. Chapter 15, 3rd party authentication was quite welcome these days, really enjoyed the Open-ID introduction and examples around it. The final chapter is about security in the ASP.NET MVC framework, securing controller actions, anti-forgery token for XSS, and using filters to custom authorization which I am actively using in current project.

Really enjoyed reading this book. Covers many aspects of security in various technologies,areas offered by ASP.NET. Highly recommend any developer who is actively developing web pages utilizing the .NET stack.
3 of 4 people found the following review helpful
4.0 out of 5 stars Excellent beginners guide to ASP.NET security 6 May 2010
By Michael Jolley - Published on Amazon.com
Format:Paperback
I was very pleased with the topics covered in this book. Barry Dorrans delivered a very non-interesting subject in a manner that kept your attention throughout. I wish more entry-level developers would read this before getting started. They would certainly have a better understanding of ASP.NET security and how to implement better coding practices up front.
5.0 out of 5 stars Get up to speed quickly on ASP.NET security 6 May 2011
By T. Anderson - Published on Amazon.com
Format:Paperback|Verified Purchase
This is a great book for getting up to speed quickly on security tools available in ASP.NET.

Although the book says it is for beginners, it definitely goes beyond the beginner level.

The book starts out explaining why security matters. It then is broken down into 3 parts, PART I- The Asp.Net Security Basics, PART II Securing Common Asp.Net Tasks, and PART III Advanced Asp.Net Scenarios.

There are full chapters on the following topics Safely Accepting User Input, Hashing and Encryption, Usernames and Passwords, Securely Accessing Databases, Using the File System, Securing XML, WCF Services, Securing Rich Internet Applications, Code Access Security, IIS, and the ASP.NET MVC Framework.

The authors have a writing style that makes the book easy to read from cover to cover, but it also makes a great reference.

The downloadable code is very well organized and easy to use.

If you want to get up to speed quickly on ASP.NET security, this is the book you want.
1 of 2 people found the following review helpful
5.0 out of 5 stars Great security overview 25 July 2012
By JM555 - Published on Amazon.com
Format:Paperback|Verified Purchase
This is a great book about various ASP.NET security topics. I agree with the other reviewers that this isn't strictly a "beginners" book, and actually has a lot of very useful info - the "accepting user input", "encryption" and "database" chapters were especially useful. It's a good balance of information - not so detailed that you'll fall asleep reading it, and not so basic that it's useless in a real world situation.

My only suggestion is that it might be helpful to expand the hashing/encryption chapter a bit more - maybe even break break them into several chapters with more examples. Highly recommended for any ASP.NET developer!
Were these reviews helpful?   Let us know
Search Customer Reviews
Only search this product's reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

Search Customer Discussions
Search all Amazon discussions
   


Look for similar items by category


Feedback