.NET Security

Our Price $ 49.89       Item Number 419743

Buy New Item Quantity: 1              2              3              4              5              6              7              8              9              10              11              12              13              14              15              16              17              18              19              20              21              22              23              24              25              26              27              28              29              30              31              32              33              34              35              36              37              38              39              40              41              42              43              44              45              46              47              48              49              50              51              52              53              54              55              56              57              58              59              60              61              62              63              64              65              66              67              68              69              70              71              72              73              74              75              76              77              78              79              80              81              82              83              84              85              86              87              88              89              90              91              92              93              94              95              96              97              98              99              100

When you use .NET to create client-and server-side applications, you have to address a new and large set of security issues. .NET Security shows you what you need to know by covering different aspects of the .NET security model through detailed discussions about the key namespaces. The authors demonstrate how to write .NET code to create secure systems within the .NET Framework. They also discuss possible break-ins to the security model in .NET&emdash;and how .NET prevents such intrusions.

This tutorial explains how to use the .NET security and cryptographic classes, and functions as a reference manual for developers seeking to understand security implementation in the .NET Framework. Additionally, the .NET Framework requires understanding in many new areas like managed code, permissions, and evidence&emdash;all of which this dynamic book covers.

The book is actually quite thin compared to its competition, so that should have tipped me off. You could go through it in a couple of days, but the price doesn't reflect that. I was really impressed with the .NET Programming with C# book from the same (small) publisher, so I was really hoping for a lot more. Consider the table of contents and decide for yourself whether this books warrants a purchase. It's a reasonably new topic of course so there are only a few other choices out there right now.

The first couple of chapters make it very clear how to do encryption with .NET. This is the first time I have seen an explanation for what the IV key is for in the encryption algorithms.

I was pleasantly surprised to see the discussion in chapter 3 about XML encryption. The standards for this are just coming into scope and this chapter does a nice job of describing what is happening in this space.

Code access security is a tught topic to cover in a short chaptyer but the authors do a good job. Again, there is a lot of hype about code access security but you have to look hard to find any real information about it. While I don't have to worry about this right now, this chapter gave me a good understanding of what is possible and how to do it.

I also found the last chapters on remoting and ASP.NET interesting and learned a few things in each chaptyer.

Is this book a 'cover everything including the kitchen sink' refernce? No. But it is a very good book for anyone who wants a good, solid introduction to the capabilities of .NET security and cryptography. And for me, that is important! Give me information that I can use and work with now. Not more reference material that I need to digest and sort through.

First chapter starts off with a introduction to Cryptography, good for
someone who is just starting off learning about cryptography, a good
refresher for others who already know about the basics of cryptography.
Second chapter then goes on to talk about how the various cryptography
classes have been implemented in the .NET framework and how they can be
used. They talk about both symmetric and asymetric algorithms, Random Number
Generation, Hashing etc. They even mention Salting, something that's not
very well documented.
Third chapter talks about Xml Encryption and including Digital Signatures in
Xml Documents, this specification was so new when .NET came out that I was
surprised to see the Xml Signature implementation in the System.Security
namespace, the downside though as a result was very little documentation,
not any more though, the third chapter talks about everything one needs to
know about Xml Encryption and Signatures in detail.
The fourth chapters goes into a good amount of detail on Code Access
Security. The authors show a good mix of managing security using both code
and also using the Control Panel utilities. They go on to write and deploy
their
own permission class.
The rest of the book talks about Security when using Remoting and also Role
Based Security, in short they talk about
security considerations in every kind of scenario. The chapters on ASP.NET
security and MS Passport were not that useful to me though since those
topics have pretty much been beaten to death by every ASP.NET book out
there. Oh yes the last chapter on the risks of decompiling .NET assemblies
and suggestions on how to mitigate that was a good read.
APress seems to have developed a knack for publishing books that are thin
and to the point, this one is no exception, I'd give this book an 8 on 10. I
would've given it a higher rating if it would've talked about the
AllowPartiallyTrustedCallersAttribute, I think a discussion of CAS is
incomplete without the mention of this attribute.

Other books out there that cover Security in .NET are the following
1. .NET Framework Security(

http://www.this site.com/exec/obidos/ASIN/067232184X/ ). I saw the table of
contents for this book, it pretty much covered everything this book covers,
this book was a whole lot thicker though, so I did thumb thru it at [a local store], thought the first 3 chapters or so were useless as they talked about
security risks, thought that was pointless since I know pretty much what the
risks are hence I am reading about security :), thought the .NET Security book by APress book
covered pretty much everything that this book has and in a more concise way...

Alas, the book's various topics are only given lip service.

If you're looking for a hard core analysis of code access security, only buy this as a secondary reference.