Free Book - The dotNET Developer's Guide to Windows Security
This free book, The .NET Developer's Guide to Windows Security, was written for the many thousands of people involved in designing and writing software for the Microsoft .NET platform. It is chock-full of tips and insights about user-based security. The format of this book consists of 75 concise tidbits of helpful reference information. The “what is” items focus on explaining concepts, and the “how to” items focus on helping you perform a common task. Code samples can be downloaded here.
The .NET Developer's Guide to Windows Security
Table of Contents
Preface
Acknowledgements
Part 1: The Big Picture
Item 2: What is a countermeasure?
Item 3: What is threat modeling?
Item 4: What is the principle of least privilege?
Item 5: What is the principle of defense in depth?
Item 6: What is authentication?
Item 7: What is a luring attack?
Item 8: What is a non privileged user?
Item 9: How to develop code as a non admin
Item 10: How to enable auditing
Item 11: How to audit access to files
Part 2: Security Context
Item 12: What is a security principal?
Item 14: How to program with SIDs
Item 15: What is security context?
Item 17: What is a logon session?
Item 18: What is a window station?
Item 19: What is a user profile?
Item 22: How to use a privilege
Item 23: How to grant or revoke privileges via security policy
Item 24: What is WindowsIdentity and WindowsPrincipal?
Item 25: How to create a WindowsPrincipal given a token
Item 26: How to get a token for a user
Item 28: How to choose an identity for a daemon
Item 29: How to display a user interface from a daemon
Item 30: How to run a program as another user
Item 31: What is impersonation?
Item 32: How to impersonate a user given her token
Item 33: What is Thread.CurrentPrincipal?
Item 34: How to track client identity using Thread.CurrentPrincipal
Item 35: What is a null session?
Item 36: What is a guest logon?
Item 37: How to deal with unauthenticated clients
Part 3: Access Control
Item 38: What is role based security?
Item 39: What is ACL based security?
Item 40: What is discretionary access control?
Item 42: What is a security descriptor?
Item 43: What is an access control list?
Item 44: What is a permission?
Item 45: What is ACL inheritance?
Item 46: How to take ownership of an object
Item 48: How to persist a security descriptor
Item 49: What is Authorization Manager?
Part 4: COM(+)
Item 50: What is the COM authentication level?
Item 51: What is the COM impersonation level?
Item 52: What is CoInitializeSecurity?
Item 53: How to configure security for a COM client
Item 54: How to configure the authentication and impersonation level for a COM app
Item 55: How to configure the authentication and impersonation level for an ASP.NET app
Item 56: How to implement role based security for a managed COM app
Item 57: How to configure process identity for a COM server app
Part 5: Network Security
Item 60: What is a service principal name (SPN)?
Item 61: How to use service principal names
Item 63: What is protocol transition?
Item 64: How to configure delegation via security policy
Item 66: How to add CIA to a socket based app using SSPI
Item 67: How to add CIA to .NET Remoting
Item 69: How to use IPSEC to protect your network
Part 6: Misc
Item 70: How to store secrets on a machine
Item 71: How to prompt for a password
Item 72: How to programmatically lock the console
Item 73: How to programmatically log off or reboot the machine
Item 74: What is group policy?
Item 75: How to deploy software securely via group policy
