Developing Secure Applications with Visual Basic

Book Description

Using client-proven methods and over 15 years of programming experience, expert author Davis Chapman empowers developers to create powerful, secure applications. Developing Secure Applications with Visual Basic first provides you with an understanding of encryption, and then guides you through adding security features to your own applications using the Microsoft CryptoAPI and the new security features of Windows 2000. Developers who have been confused by the high-end, academic style of other encryption books and cryptography theory will delight in Chapman's understandable style and hands-on methods. This book covers security topics developers want and need to know, including File Encryption, Encrypted Communications, Working with Certificates, Digital Signatures, SChannel Communications (SSL), Secure E-Mail, and much more.

Table of Contents

  1. Copyright
  2. About the Author
  3. Acknowledgments
  4. Tell Us What You Think!
  5. Introduction
  6. Understanding Encryption and Application Security
    1. Exploring Encryption
    2. Using Certificates with Encryption
    3. Digital Signatures
    4. Message Enveloping
    5. Secure Sockets Layer (SSL)
    6. Security and Audit Logs
    7. Summary
  7. Getting Started with the CryptoAPI
    1. CryptoAPI and Cryptographic Service Providers
    2. Listing CSPs and CSP Types
    3. Summary
  8. Symmetric and Password Encryption
    1. Generating Hashes of Strings and Messages
    2. Generating Symmetric Keys
    3. Understanding Basic Encryption and Decryption
    4. Building a Simple Encryption Application
    5. Building a File Encryption/Decryption Utility
    6. Summary
  9. Public/Private Key Communications
    1. Block Versus Stream Algorithms
    2. Generating, Saving, and Retrieving Public/Private Keys
    3. Exporting and Importing Keys
    4. Building a Secure Messaging Utility
    5. Summary
  10. Requesting and Retrieving Certificates
    1. Digital Certificates Explained
    2. Acquiring Certificates
    3. Building a Certificate Request Utility
    4. Summary
  11. Working with Certificates
    1. Managing Certificate Stores
    2. Managing Certificates and Certificate Contexts
    3. Getting Information from Certificates
    4. Building a Certificate Maintenance Utility
    5. Summary
  12. Working with Certificate Revocation Lists
    1. Verifying Certificates Against a CA
    2. Building and Maintaining a Certificate Revocation List
    3. Managing a Certificate Revocation List
    4. Summary
  13. Using Digital Signatures
    1. What Are Digital Signatures?
    2. Signing Messages and Verifying Signatures
    3. Enveloping Messages
    4. Building a Signing Utility
    5. Summary
  14. DCOM Through SSL
    1. RDS and HTTP
    2. DCOM Tunneling Through TCP/IP
    3. Building a DCOM-HTTPS Application
    4. Summary
  15. Understanding Windows 2000 Security and Security Descriptors
    1. Windows 2000 Security Overview
    2. Fundamental Security Data Structures
    3. Trustee-Based Access Control
    4. Impersonating a Client
    5. Summary
  16. Using NT Login Authentication
    1. Validating a Domain Login
    2. Granting Account Permissions
    3. Building a Login Validation Utility
    4. Summary
  17. Working with Active Directory Security (ADSI) and an LDAP Server
    1. Active Directory and Security
    2. Active Directory Object Schemas
    3. Network Groups and Users
    4. Examining Groups and Users
    5. Summary
  18. Active Directory Security and Searching
    1. Active Directory Object Security
    2. Searching Active Directory
    3. Examining Active Directory Objects
    4. Summary
  19. Developing with COM+ Security
    1. What Is COM+?
    2. COM+ and Security
    3. Building Security-Aware COM+ Components
    4. Summary
  20. Microsoft Certificate Server
    1. How Certificate Authorities Work
    2. Generating a Root Certificate
    3. Issuing, Managing, and Revoking Certificates
    4. Summary
  21. Security Standards
    1. C2 Security
    2. DES and RSA
    3. PGP and Kerberos
    4. Smart Cards and Tokens
    5. Emerging Technologies and Standards
    6. Summary
  22. Legal Issues of Digital Signatures and Encryption
    1. The Legal Implications of Digital Signatures: Is a Digital Signature a Legal Signature?
    2. Using Digital Certificates with Your Application
    3. Encryption and Export Issues
    4. Summary
  23. Cryptographic Service Providers
    1. The Cryptographic Service Provider (CSP) Plug-In Architecture
    2. Available CSPs
  24. Index