EC-Council Certified Secure Programmer
  o Design Considerations
  o Application Categories Considerations:
• Auditing and Logging
• Authentication–Forms
• Authorization
• Communication Security
• Steps to Encrypt Configuration Sections in ASP.NET using DPAPI
• Configuring Security with Mscorcfg.msc
• Process Identity for ASP.NET
• Impersonation
• Impersonation Sample Code
• Secure Communication
• Storing Secrets
• Options for Storing Secrets in ASP.NET
• Web.config Vulnerabilities:
  o Default Error Message
  o Leaving Tracing Enabled in Web-Based Applications
  o Enabled Debugging
  o Cookies Accessible through Client-Side Script
  o Enabled Cookieless Session State
  o Enabled Cookieless Authentication
  o Failure to Require SSL for Authentication Cookies
  o Sliding Expiration
  o Non-Unique Authentication Cookie
  o Hardcoded Credential
• Securing Session and View State
• Web Form Considerations
• Securing Web Services

http://www.eccouncil.org