Praha (12 300 Kč)
Brno (12 000 Kč)
Bratislava (540 €)
The course looks at the security of web applications from several points of view and is designed for programmers and for administrators of web servers on the Microsoft IIS platform running ASP.NET applications. The "programmer" and the "administrator" parts are particularly close when it comes to security, which is why the course is designed as a "tasting" of the other side. We will teach you to look at web application security problems in all their complexity: how to secure the server itself, how to write an application so that it does not contain security bugs, and how to secure data during transmission and when stored on the server. The theoretical basis will be flavoured with stories from practice.
The course is designed for developers, administrators and architects of web applications on the ASP.NET platform.
Experience with the .NET Framework platform
Basic experience with object-oriented programming in C# or VB.NET
Basic experience with development of web applications on the ASP.NET platform
Four basic principles of security
A bit of theory to begin with
Consideration of types of security threats
Revealing of connected problems
Consideration of the seriousness of security threats
Securing the server platform
Minimization of attack surface
Security Configuration Wizard
Fight against the inner enemy
Defence in depth
Encrypting the configuration sections
Securing the network communication channel
How the HTTP protocol works and why it is not secure
How SSL/TLS/HTTPS works
How to apply for a web server certificate and how to install it
Quick creation of a certificate using the utilities from SDK Platform
Operation of a certification authority using Windows Certificate Services
Operation of a certification authority using OpenSSL (on the Windows platform and not just there)
Securing the application
Identification, authentication, authorization
Security architectures of web applications
Mechanisms available in IIS
How to write your own authentication module and why not to do it
Forms Authentication in ASP.NET
Authentication tickets and their validity
The time of ticket validity versus the length of the session
Cookie and Cookieless authentication
Login Controls
Static credentials in web.config
Single sign-on within one domain
Storing passwords
Encoding, hashing, HMAC
E-mail address verification
Handling forgotten passwords
ASP.NET Membership
Membership providers in ASP.NET
Initial setting
ASP.NET Universal Providers
Using third-party providers
Creation of your own membership provider
ASP.NET Roles
Role providers in ASP.NET
Creation of your own role provider
Securing data by encryption
Secrets, ciphers and paranoia in the course of time
Symmetric and asymmetric encryption, combinations
Key handling
Practical implementation of encrypted data storage in .NET using the RSA and AES algorithms and corresponding architectures
The prices are without VAT.