Resources on ASP.NET
The useful list of documentation and guidelines on ASP.NET 2.0 and SQL Server 2005 (this is updated list as the old lists addresses have been changed)
Reference: patterns & practices Security How Tos Index
ASP.NET 2.0
- How To: Configure the Machine Key in ASP.NET 2.0
- How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0
- How To: Connect to SQL Server Using Windows Authentication in ASP.NET 2.0
- How To: Create a Service Account for an ASP.NET 2.0 Application
- How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
- How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
- How To: Instrument ASP.NET 2.0 Applications for Security
- How To: Improve Security When Hosting Multiple Applications in ASP.NET 2.0
- How To: Perform a Security Deployment Review for ASP.NET 2.0
- How To: Prevent Cross-Site Scripting in ASP.NET
- How To: Protect Forms Authentication in ASP.NET 2.0
- How To: Protect From Injection Attacks in ASP.NET
- How To: Protect From SQL Injection in ASP.NET
- How To: Use ADAM for Roles in ASP.NET 2.0
- How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
- How To: Use Code Access Security in ASP.NET 2.0
- How To: Use Forms Authentication with Active Directory in ASP.NET 2.0
- How To: Use Forms Authentication with Active Directory in Multiple Domains in ASP.NET 2.0
- How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
- How To: Use Health Monitoring in ASP.NET 2.0
- How To: Use Impersonation and Delegation in ASP.NET 2.0
- How To: Use Medium Trust in ASP.NET 2.0
- How To: Use Membership in ASP.NET 2.0
- How To: Use the Network Service Account to Access Resources in ASP.NET
- How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0
- How To: Use Regular Expressions to Constrain Input in ASP.NET
- How To: Use Role Manager in ASP.NET 2.0
- How To: Use Windows Authentication in ASP.NET 2.0
Authentication and Authorization
- How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0
- How To: Connect to SQL Server Using Windows Authentication in ASP.NET 2.0
- How To: Create GenericPrincipal Objects with Forms Authentication
- How To: Protect Forms Authentication in ASP.NET 2.0
- How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
- How To: Use Forms Authentication with Active Directory
- How To: Use Forms Authentication with Active Directory in ASP.NET 2.0
- How To: Use Forms Authentication with Active Directory in Multiple Domains in ASP.NET 2.0
- How To: Use Forms Authentication with SQL Server 2000
- How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
- How To: Use Windows Authentication in ASP.NET 2.0
Code Access Security
- How To: Create a Custom Encryption Permission
- How To: Use Code Access Security in ASP.NET 2.0
- How To: Use Code Access Security Policy to Constrain an Assembly
Code Review
Communications Security
- How To: Call a Web Service Using Client Certificates from ASP.NET
- How To: Call a Web Service Using SSL
- How To: Set Up SSL on a Web Server
- How To: Set Up Client Certificates
- How To: Use IPSec for Filtering Ports and Authentication
- How To: Use IPSec to Provide Secure Communication Between Two Servers
- How To: Use SSL to Secure Communication with SQL Server 2000
Configuration
- How To: Create a Custom Account To Run ASP.NET
- How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
- How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
Cryptography
- How To: Create a DPAPI Library
- How To: Create an Encryption Library
- How To: Store an Encrypted Connection String in the Registry
- How To: Use DPAPI (Machine Store) from ASP.NET
- How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services
Deployment Review
Enterprise Services (.NET Framework 1.1)
Impersonation and Delegation
- How To: Implement Kerberos Delegation for Windows 2000
- How To: Use Impersonation and Delegation in ASP.NET 2.0
Input and Data Validation
- How To: Prevent Cross-Site Scripting in ASP.NET
- How To: Protect From Injection Attacks in ASP.NET
- How To: Protect From SQL Injection in ASP.NET
- How To: Use Regular Expressions to Constrain Input in ASP.NET
Patching and Updating
SQL Server 2000
- How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0
- How To: Connect to SQL Server Using Windows Authentication in ASP.NET 2.0
- How To: Protect From SQL Injection in ASP.NET
- How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
- How To: Use SSL to Secure Communication with SQL Server 2000
Threat Modeling
Web Services (.NET Framework 1.1)
- How To: Call a Web Service Using Client Certificates from ASP.NET
- How To: Call a Web Service Using SSL
A Through Z
- How To: Call a Web Service Using Client Certificates from ASP.NET
- How To: Call a Web Service Using SSL
- How To: Create a Custom Account to Run ASP.NET
- How To: Create a Custom Encryption Permission
- How To: Create a DPAPI Library
- How To: Create an Encryption Library
- How To: Create GenericPrincipal Objects with Forms Authentication
- How To: Configure the Machine Key in ASP.NET 2.0
- How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0
- How To: Connect to SQL Server Using Windows Authentication in ASP.NET 2.0
- How To: Create a Service Account for an ASP.NET 2.0 Application
- How To: Create a Threat Model for a Web Application at Design Time
- How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
- How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
- How To: Harden the TCP/IP Stack
- How To: Host a Remote Object in a Windows Service
- How To: Implement IPrincipal
- How To: Implement Kerberos Delegation for Windows 2000
- How To: Implement Patch Management
- How To: Improve Security When Hosting Multiple Applications in ASP.NET 2.0
- How To: Instrument ASP.NET 2.0 Applications for Security
- How To: Perform a Security Code Review for Managed Code (Baseline Activity)
- How To: Perform a Security Deployment Review for ASP.NET 2.0
- How To: Prevent Cross-Site Scripting in ASP.NET
- How To: Protect Forms Authentication in ASP.NET 2.0
- How To: Protect From Injection Attacks in ASP.NET
- How To: Protect From SQL Injection in ASP.NET
- How To: Secure Your Developer Workstation
- How To: Set Up SSL on a Web Server
- How To: Set Up Client Certificates
- How To: Store an Encrypted Connection String in the Registry
- How To: Use ADAM for Roles in ASP.NET 2.0
- How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
- How To: Use Code Access Security in ASP.NET 2.0
- How To: Use Code Access Security Policy to Constrain an Assembly
- How To: Use DPAPI (Machine Store) from ASP.NET
- How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services
- How To: Use Forms Authentication with Active Directory
- How To: Use Forms Authentication with Active Directory in ASP.NET 2.0
- How To: Use Forms Authentication with Active Directory in Multiple Domains in ASP.NET 2.0
- How To: Use Forms Authentication with SQL Server 2000
- How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
- How To: Use Health Monitoring in ASP.NET 2.0
- How To: Use IISLockdown.exe
- How To: Use Impersonation and Delegation in ASP.NET 2.0
- How To: Use IPSec for Filtering Ports and Authentication
- How To: Use IPSec to Provide Secure Communication Between Two Servers
- How To: Use Medium Trust in ASP.NET 2.0
- How To: Use Membership in ASP.NET 2.0
- How To: Use the Network Service Account to Access Resources in ASP.NET
- How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0
- How To: Use Regular Expressions to Constrain Input in ASP.NET
- How To: Use Role-based Security with Enterprise Services
- How To: Use Role Manager in ASP.NET 2.0
- How To: Use SSL to Secure Communication with SQL Server 2000
- How To: Use URLScan
- How To: Use Windows Authentication in ASP.NET 2.0
Comments
- Anonymous
October 03, 2007
PingBack from http://www.artofbam.com/wordpress/?p=4997