Securing .NET Web Services with SSL: How to Protect “Data in Transit” between Client and Remote Server
By Slava Gomzin
()
About this ebook
Booklet for developers and security professionals on how to implement SSL in order to protect data transmission between .NET client and server. The guide contains examples of the client application code and certificate validations in C#.
Topics include: what is SSL certificate and how to use it to secure .NET Web Services, how to create server and client test certificates, implementing SSL in server and client applications, extra validations of server certificate on client side, and more (Article: ~3,300 words).
Table of Contents includes:
Introduction
Vulnerabilities Due To Insecure Communication
Difference between SSL and TLS
Securing Data Transmission with SSL
Different Levels of Security Provided by SSL
SSL Implementation Modes
Server Certificate Only
Server and Client Certificates
SSL Certificates
Certificate Issuing Methods
Self-Signed Certificate
Certificate Issued Using Self-Signed Root Certificate
Certificate Issued through Local Certificate Authority
Certificate Issued through Public Certificate Authority
Test Certificates
Server Test Certificates
Creating Test Certificate Authority
Creating Server Test Certificate for Specific Server Host Name
Creating Server Test Certificate for localhost
Creating Standalone Self-Signed Test Server Certificate (without CA Root)
Obtaining Test Server Certificate from Public Certificate Authority
Going to Production
Client Test Certificate
Creating Client Test Certificate using Root CA Certificate
Implementing SSL on Server
Web Server Configuration
Server Application Configuration
Server Application Code Changes
Implementing SSL on Client
Client Application Configuration
Client Application Code Changes
Additional Server Certificate Validations Performed by Client
Testing
Conclusion
Resources
About the Author
Slava Gomzin, CISSP, PCI ISA, PCIP, ECSP, Security+ has more than 15 years of professional experience in software development and security including
12 years in application development for retail industry and electronic payments,
10 years in .NET and SQL Server development,
6 years in application security and PCI compliance.
Slava Gomzin is Security Architect at Retalix USA. He lives in Dallas, Texas.
Slava Gomzin
Slava Gomzin is a Security and Payments Technologist at Hewlett-Packard, where he helps create products that are integrated into modern payment processing ecosystems using the latest security and payments technologies. Prior to joining Hewlett-Packard, Slava was a security architect, corporate product security officer, R&D and application security manager, and development team leader at Retalix, a Division of NCR Retail. As PCI ISA, he focused on security and PA-DSS, PCI DSS, and PCI P2PE compliance of POS systems, payment applications, and gateways. Before moving into security, Slava worked in R&D on design and implementation of new products including next-generation POS systems and various interfaces to payment gateways and processors. Slava currently holds CISSP, PCIP, ECSP, and Security+ certifications. He blogs about payment security at www.gomzin.com.
Read more from Slava Gomzin
Hiding Web Traffic with SSH: How to Protect Your Internet Privacy against Corporate Firewall or Insecure Wireless Rating: 0 out of 5 stars0 ratingsSecuring Email Communication: How to Protect Your Correspondence from Wiretapping Using Free Tools Rating: 0 out of 5 stars0 ratingsSecuring Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build Rating: 0 out of 5 stars0 ratingsProtecting Confidential Information: How to Securely Store Sensitive Data Rating: 0 out of 5 stars0 ratings
Related to Securing .NET Web Services with SSL
Related ebooks
The Official (ISC)2 Guide to the CCSP CBK Rating: 0 out of 5 stars0 ratingsWeb Application Security is a Stack: How to CYA (Cover Your Apps) Completely Rating: 0 out of 5 stars0 ratingsSQL Injection Attacks and Defense Rating: 5 out of 5 stars5/5Hyper-V Security Rating: 0 out of 5 stars0 ratingsExam AZ 900: Azure Fundamental Study Guide-2: Explore Azure Fundamental guide and Get certified AZ 900 exam Rating: 0 out of 5 stars0 ratingsSecuring SQL Server: Protecting Your Database from Attackers Rating: 0 out of 5 stars0 ratingsOwasp A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsMicrosoft Security Essentials Second Edition Rating: 0 out of 5 stars0 ratingsMicrosoft Exchange 2013 Cookbook Rating: 0 out of 5 stars0 ratingsIT GRC A Complete Guide Rating: 0 out of 5 stars0 ratingsCyber Security Audit A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for operators of essential services Rating: 0 out of 5 stars0 ratingsApplication Security in the ISO27001 Environment Rating: 0 out of 5 stars0 ratingssecurity controls A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsThreat Intel A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsSD WAN Security A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsCybersecurity Maturity Model Certification A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsPKI A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsCheckPoint NG VPN 1/Firewall 1: Advanced Configuration and Troubleshooting Rating: 0 out of 5 stars0 ratingsPrivileged Access Management A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsNetwork Penetration Testing Tools Third Edition Rating: 0 out of 5 stars0 ratingsGrc A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsDLP Architecture Second Edition Rating: 0 out of 5 stars0 ratingsReverse Engineering A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsNetwork Security Assessment: From Vulnerability to Patch Rating: 0 out of 5 stars0 ratingsEC Council Certified Incident Handler A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsCompTIA Network+ Review Guide: Exam N10-006 Rating: 0 out of 5 stars0 ratingsComputer Security Vulnerabilities A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsQualified Security Assessor Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsIT Security Management A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratings
Security For You
How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5IAPP CIPP / US Certified Information Privacy Professional Study Guide Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5How I Rob Banks: And Other Such Places Rating: 0 out of 5 stars0 ratingsCodes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsHow to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Hacking For Dummies Rating: 4 out of 5 stars4/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsEthical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1 Rating: 5 out of 5 stars5/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsSocial Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming Rating: 3 out of 5 stars3/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5
Reviews for Securing .NET Web Services with SSL
0 ratings0 reviews
Book preview
Securing .NET Web Services with SSL - Slava Gomzin
Securing .NET Web Services with SSL
How to Protect Data in Transit
between Client and Remote Server
Application Security Series
Slava Gomzin
Cover Photo and Design: Alisa Levy
Smashwords Edition
Copyright © 2012 Slava Gomzin
Table of Contents
Introduction
Vulnerabilities Due To Insecure Communication
Difference between SSL and TLS
Securing Data Transmission with SSL
Different Levels of Security Provided by SSL
SSL Implementation Modes
Server Certificate Only
Server and Client Certificates
SSL Certificates
Certificate Issuing Methods
Self-Signed Certificate
Certificate Issued Using Self-Signed Root Certificate
Certificate Issued through Local Certificate Authority
Certificate Issued through Public Certificate Authority
Test Certificates
Server Test Certificates
Creating Test Certificate Authority
Creating Server Test Certificate for Specific Server Host Name
Creating Server Test Certificate for localhost
Creating Standalone Self-Signed Test Server Certificate (without CA Root)
Obtaining Test Server Certificate from Public Certificate Authority
Going to Production
Client Test Certificate
Creating Client Test Certificate using Root CA Certificate
Implementing SSL on Server
Web Server Configuration
Server Application Configuration
Server Application Code Changes
Implementing SSL on Client
Client Application Configuration
Client Application Code