How This Book Is Organized
This book is divided into five parts. Part I
discusses fundamental software security concepts. Part II focuses on programming the security features
of the .NET runtime. Part III covers the
programmatic use of the cryptography classes contained in the .NET
class library. Part IV discusses the use of
security features more related to the platform on which your
applications run. Finally, Part V contains an
API reference covering the security classes we discuss in this book.
Part I: Fundamentals
- Chapter 1
Introduces some fundamental software security concepts that you
should understand before continuing to later chapters. Explains why
there is a need for security, discusses the goal of software
security, and introduces some important topics that you should be
aware of as you begin to develop your own security programming
skills.
- Chapter 2
Provides an overview of the .NET assembly, which is a key component
in .NET security. Describes the structure and contents of an
assembly, demonstrates how to create the different types of assembly,
and discusses protecting your assemblies from tampering and reverse
engineering.
- Chapter 3
Explains the role of application domains and discusses the effect
they have on application isolation, security, and configuration.
- Chapter 4
Discusses the way in which software security is integrated into the
application lifetime, and provides practical advice that will help
you understand the content contained in later chapters.
Part II: .NET Security
- Chapter 5
Introduces the key security features provided by the .NET runtime.
Explains the purpose and function of these security features, how
they interact with each other, and their relationship with the
security provided by the underlying operating system.
- Chapter 6
Explains what evidence is and where it comes from, and describes the
purpose and use of the different types of evidence, including the
standard evidence classes provided with the .NET Framework.
Demonstrates how to use evidence programmatically and how to extend
the security capabilities of the .NET Framework by developing custom
evidence classes.
- Chapter 7
Explains what permissions are and discusses their role in the
implementation of code-access security. Describes the mechanisms that
the runtime uses to enforce code-level security, and explains how you
can use permissions to manipulate these mechanisms. Finally, this
chapter shows you how to extend code-access security by implementing
your own custom permissions.
- Chapter 8
Explains how the .NET runtime uses security policy to determine which
permissions to grant to an assembly or application domain. Describes
the structure of security policy and explains how the component
elements interact at runtime. Explains how to manipulate security
policy programmatically, and demonstrates the use of application
domain policy.
- Chapter 9
Outlines the default security policy implemented by the .NET
Framework, and discusses the use of the .NET security tools to manage
security policy.
- Chapter 10
Explains what role-based security is and discusses the .NET
Framework's implementation. Describes the classes
used to access role-based security, and demonstrates how to use them
in your programs.
- Chapter 11
Describes what isolated storage is and explains where it provides
benefits over existing data storage options. Demonstrates how to use
isolated storage in your own programs, as well as how to administer
and control access to it.
Part III: .NET Cryptography
- Chapter 12
Provides an overview of the different aspects of cryptography and
discusses some of the dangers and limitations of which you should be
aware.
- Chapter 13
Examines hash codes in more depth and shows you how to create and
validate hash codes using the .NET Framework classes. Extends the
.NET Framework by adding a new hashing algorithm.
- Chapter 14
Discusses how to achieve confidentiality with symmetric data
encryption, and how to encrypt and decrypt data using the .NET
Framework. Shows you how to extend the .NET Framework by adding a new
symmetric encryption algorithm.
- Chapter 15
Discusses asymmetric encryption, explaining what it is, how it works,
and how it overcomes the problem of exchanging secret keys.
Demonstrates how to extend the .NET Framework by adding a new
asymmetric encryption algorithm.
- Chapter 16
Explains what digital signatures are, how they work, and how to use
them within your .NET applications. Demonstrates how to extend the
.NET Framework by adding support for a custom digital signature
algorithm.
- Chapter 17
Discusses the way in which the .NET Framework supports cryptographic
keys. Explains the importance of keys, and the decisions you must
make in deciding how you will create them.
Part IV: .NET Applications Frameworks
- Chapter 18
Introduces the features you can use to increase the security of your
ASP.NET applications. Discusses the overall issue of ASP.NET
application security, and the mechanisms the .NET Framework
implements to provide authentication, authorization, and
impersonation services to ASP.NET applications.
- Chapter 19
Discusses the COM+ security services, and explains how you can apply
them to your COM+ components.
- Chapter 20
Describes how to use the Windows Event Logging Service from your .NET
applications in order to audit Windows security events.
Part V: API Quick Reference
Part V contains a comprehensive API reference covering the following
security-related namespaces of the .NET Framework base class library:
- System.Security
- System.Security.Cryptography
- System.Security.Cryptography.X509Certificates
- System.Security.Cryptography.Xml
- System.Security.Permissions
- System.Security.Policy
- System.Security.Principal