Other projects:
Inferno, CryptoRandom, TinyORM, FastGuid, FastXor, AesGcmStrict

Security Driven .NET

Practical security handbook for .NET developers.

Comments:

"Stan, Thanks for the fantastic book." [from reader's email]
Recommended Resource – OWASP .NET

Contents (70 pages):

  • Preface
    • Who Is This Book For?
    • Why Is This Book Relevant Today?
    • What Makes This Book Different From Other ".NET Security" Books?
    • Source Code Samples
  • Random Number Generators
    • System.Random
    • RNGCryptoServiceProvider
    • Random Integers in Min-Max Range
  • FIPS Mode
  • Hash Functions
    • Object.GetHashCode
    • FNV-1a hash
    • Hash Flooding
    • FNV-1a with Entropy
    • SHA-1 hash
    • SipHash
    • Modern Non-Cryptographic Hashes
    • Cryptographic Hashes
  • HMAC
    • HMAC in .NET
    • Hash and HMAC Factories
  • Key Derivation
    • PBKDF2
    • HKDF
    • PBKDF2 and HKDF together
    • Salt
    • Key Separation
  • Byte Array Comparison
    • Direct Comparison
    • AND Comparison
    • XOR Comparison
    • Double-HMAC Comparison
  • Binary Encodings
    • Base64
    • Base32
    • Base16
  • Text Encodings
    • UTF-32
    • UTF-16
    • UTF-8
    • UTF-7
    • UTF Comparison
    • Safe Construction
    • Serialization
  • Symmetric Encryption
    • AES
    • Key
    • Cipher Mode
    • Padding Mode
    • Initialization Vector
  • Authenticated Encryption (AE)
    • Key Derivation
    • Primitive Choices
    • Length Leaks
    • Common Mistakes
  • ASP.NET Security
  • Session State
  • CSRF
  • Forms Authentication
    • Membership
    • Insider Threats
  • Credential Storage
  • Improving Forms Authentication
  • New ASP.NET Crypto Stack
  • ASP.NET CSRF API
  • Other ASP.NET Concerns
    • Label & Literal
    • Client-side PBKDF
  • Password Reset
  • Asymmetric (Public-Key) Cryptography
    • RSA Key Management
    • RSA Signatures
    • RSA Key Exchange
    • RSA Encryption
    • Perfect Forward Secrecy
    • Key Separation
  • Two-Factor Authentication (2FA)
    • HOTP
    • TOTP
  • Practicing What You Have Learned
    • RavenDB Encryption
    • MSDN Code Sample for Rfc2898DeriveBytes
    • MSDN Code Sample for AES Encryption
  • Attributions

Source code:

Copyright © Stan Drapkin

sdrapkin