Other projects:
Inferno,
CryptoRandom,
TinyORM,
FastGuid
FastXor
AesGcmStrict
Security Driven .NET
Practical security handbook for .NET developers.
Comments:
Essential to every .NET developer working on security controls: http://t.co/NelRXlQgIt
— Brice Williams (@bricex) May 1, 2014I had a look at an earlier revision of the book "Security Driven .NET". Very nice, now on the market: http://t.co/tC4LBSyA0d
— Troy Hunt (@troyhunt) October 28, 2013
Working my way through "Security Driven .NET" - really impressed - good detail, no space-filling waffle, good tips. - kudos @sdrapkin
— Marc Gravell (@marcgravell) November 9, 2013
"Stan, Thanks for the fantastic book." [from reader's email]
Recommended Resource – OWASP .NET
Contents (70 pages):
-
Preface
- Who Is This Book For?
- Why Is This Book Relevant Today?
- What Makes This Book Different From Other ".NET Security" Books?
- Source Code Samples
-
Random Number Generators
- System.Random
- RNGCryptoServiceProvider
- Random Integers in Min-Max Range
- FIPS Mode
-
Hash Functions
- Object.GetHashCode
- FNV-1a hash
- Hash Flooding
- FNV-1a with Entropy
- SHA-1 hash
- SipHash
- Modern Non-Cryptographic Hashes
- Cryptographic Hashes
-
HMAC
- HMAC in .NET
- Hash and HMAC Factories
-
Key Derivation
- PBKDF2
- HKDF
- PBKDF2 and HKDF together
- Salt
- Key Separation
-
Byte Array Comparison
- Direct Comparison
- AND Comparison
- XOR Comparison
- Double-HMAC Comparison
-
Binary Encodings
- Base64
- Base32
- Base16
-
Text Encodings
- UTF-32
- UTF-16
- UTF-8
- UTF-7
- UTF Comparison
- Safe Construction
- Serialization
-
Symmetric Encryption
- AES
- Key
- Cipher Mode
- Padding Mode
- Initialization Vector
-
Authenticated Encryption (AE)
- Key Derivation
- Primitive Choices
- Length Leaks
- Common Mistakes
- ASP.NET Security
- Session State
- CSRF
-
Forms Authentication
- Membership
- Insider Threats
- Credential Storage
- Improving Forms Authentication
- New ASP.NET Crypto Stack
- ASP.NET CSRF API
-
Other ASP.NET Concerns
- Label & Literal
- Client-side PBKDF
- Password Reset
-
Asymmetric (Public-Key) Cryptography
- RSA Key Management
- RSA Signatures
- RSA Key Exchange
- RSA Encryption
- Perfect Forward Secrecy
- Key Separation
-
Two-Factor Authentication (2FA)
- HOTP
- TOTP
-
Practicing What You Have Learned
- RavenDB Encryption
- MSDN Code Sample for Rfc2898DeriveBytes
- MSDN Code Sample for AES Encryption
- Attributions
Source code:
Copyright © Stan Drapkin
sdrapkin