Securing .NET Web Services with SSL: How to Protect “Data in Transit” between Client and Remote Server
By Slava Gomzin
()
About this ebook
Booklet for developers and security professionals on how to implement SSL in order to protect data transmission between .NET client and server. The guide contains examples of the client application code and certificate validations in C#.
Topics include: what is SSL certificate and how to use it to secure .NET Web Services, how to create server and client test certificates, implementing SSL in server and client applications, extra validations of server certificate on client side, and more (Article: ~3,300 words).
Table of Contents includes:
Introduction
Vulnerabilities Due To Insecure Communication
Difference between SSL and TLS
Securing Data Transmission with SSL
Different Levels of Security Provided by SSL
SSL Implementation Modes
Server Certificate Only
Server and Client Certificates
SSL Certificates
Certificate Issuing Methods
Self-Signed Certificate
Certificate Issued Using Self-Signed Root Certificate
Certificate Issued through Local Certificate Authority
Certificate Issued through Public Certificate Authority
Test Certificates
Server Test Certificates
Creating Test Certificate Authority
Creating Server Test Certificate for Specific Server Host Name
Creating Server Test Certificate for localhost
Creating Standalone Self-Signed Test Server Certificate (without CA Root)
Obtaining Test Server Certificate from Public Certificate Authority
Going to Production
Client Test Certificate
Creating Client Test Certificate using Root CA Certificate
Implementing SSL on Server
Web Server Configuration
Server Application Configuration
Server Application Code Changes
Implementing SSL on Client
Client Application Configuration
Client Application Code Changes
Additional Server Certificate Validations Performed by Client
Testing
Conclusion
Resources
About the Author
Slava Gomzin, CISSP, PCI ISA, PCIP, ECSP, Security+ has more than 15 years of professional experience in software development and security including
12 years in application development for retail industry and electronic payments,
10 years in .NET and SQL Server development,
6 years in application security and PCI compliance.
Slava Gomzin is Security Architect at Retalix USA. He lives in Dallas, Texas.
Slava Gomzin
Slava Gomzin is a Security and Payments Technologist at Hewlett-Packard, where he helps create products that are integrated into modern payment processing ecosystems using the latest security and payments technologies. Prior to joining Hewlett-Packard, Slava was a security architect, corporate product security officer, R&D and application security manager, and development team leader at Retalix, a Division of NCR Retail. As PCI ISA, he focused on security and PA-DSS, PCI DSS, and PCI P2PE compliance of POS systems, payment applications, and gateways. Before moving into security, Slava worked in R&D on design and implementation of new products including next-generation POS systems and various interfaces to payment gateways and processors. Slava currently holds CISSP, PCIP, ECSP, and Security+ certifications. He blogs about payment security at www.gomzin.com.
Read more from Slava Gomzin
Hiding Web Traffic with SSH: How to Protect Your Internet Privacy against Corporate Firewall or Insecure Wireless Rating: 0 out of 5 stars0 ratingsSecuring Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build Rating: 0 out of 5 stars0 ratingsSecuring Email Communication: How to Protect Your Correspondence from Wiretapping Using Free Tools Rating: 0 out of 5 stars0 ratingsProtecting Confidential Information: How to Securely Store Sensitive Data Rating: 0 out of 5 stars0 ratings
Related to Securing .NET Web Services with SSL
Related ebooks
The Official (ISC)2 Guide to the CCSP CBK Rating: 0 out of 5 stars0 ratingsExam AZ 900: Azure Fundamental Study Guide-2: Explore Azure Fundamental guide and Get certified AZ 900 exam Rating: 0 out of 5 stars0 ratingsSQL Injection Attacks and Defense Rating: 5 out of 5 stars5/5Windows 2012 Server Network Security: Securing Your Windows Network Systems and Infrastructure Rating: 4 out of 5 stars4/5Hyper-V Security Rating: 0 out of 5 stars0 ratingsSecuring Windows Server 2008: Prevent Attacks from Outside and Inside Your Organization Rating: 0 out of 5 stars0 ratingsAzure Security Handbook: A Comprehensive Guide for Defending Your Enterprise Environment Rating: 0 out of 5 stars0 ratingsSecuring SQL Server: Protecting Your Database from Attackers Rating: 0 out of 5 stars0 ratingsMicrosoft Security Essentials Second Edition Rating: 0 out of 5 stars0 ratingsMicrosoft Exchange 2013 Cookbook Rating: 0 out of 5 stars0 ratingsOwasp A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsCyber Security A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsMicrosoft Forefront Identity Manager 2010 R2 Handbook Rating: 0 out of 5 stars0 ratingsPKI A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsMicrosoft Windows Security Fundamentals: For Windows 2003 SP1 and R2 Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for operators of essential services Rating: 0 out of 5 stars0 ratingsMicrosegmentation Architectures A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsReverse Engineering A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsNosql A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingssecurity controls A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsCyber Security Audit A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsThe Best Damn Exchange, SQL and IIS Book Period Rating: 0 out of 5 stars0 ratingsVirtual Desktop Infrastructure VDI A Complete Guide Rating: 0 out of 5 stars0 ratingsAzure Active Directory B2B Collaboration A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsPKI Management A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsEmail Security Architecture A Clear and Concise Reference Rating: 0 out of 5 stars0 ratingsManaging Information Security Rating: 0 out of 5 stars0 ratingsActive Directory Rights Management Services A Clear and Concise Reference Rating: 0 out of 5 stars0 ratingsCybersecurity Maturity Model Certification A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratings
Security For You
Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Amazon Web Services (AWS) Interview Questions and Answers Rating: 5 out of 5 stars5/5Game Console Hacking: Xbox, PlayStation, Nintendo, Game Boy, Atari and Sega Rating: 0 out of 5 stars0 ratingsMake Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Hacking for Beginners: Mastery Guide to Learn and Practice the Basics of Computer and Cyber Security Rating: 0 out of 5 stars0 ratingsHacking For Dummies Rating: 4 out of 5 stars4/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5Practical Ethical Hacking from Scratch Rating: 5 out of 5 stars5/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5How to Hack Like a GOD: Master the secrets of hacking through real-life hacking scenarios Rating: 4 out of 5 stars4/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsPractical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Codes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5IAPP CIPP / US Certified Information Privacy Professional Study Guide Rating: 0 out of 5 stars0 ratingsMike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5Dark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Certification Study Guide, Fourth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5
Reviews for Securing .NET Web Services with SSL
0 ratings0 reviews
Book preview
Securing .NET Web Services with SSL - Slava Gomzin
Securing .NET Web Services with SSL
How to Protect Data in Transit
between Client and Remote Server
Application Security Series
Slava Gomzin
Cover Photo and Design: Alisa Levy
Smashwords Edition
Copyright © 2012 Slava Gomzin
Table of Contents
Introduction
Vulnerabilities Due To Insecure Communication
Difference between SSL and TLS
Securing Data Transmission with SSL
Different Levels of Security Provided by SSL
SSL Implementation Modes
Server Certificate Only
Server and Client Certificates
SSL Certificates
Certificate Issuing Methods
Self-Signed Certificate
Certificate Issued Using Self-Signed Root Certificate
Certificate Issued through Local Certificate Authority
Certificate Issued through Public Certificate Authority
Test Certificates
Server Test Certificates
Creating Test Certificate Authority
Creating Server Test Certificate for Specific Server Host Name
Creating Server Test Certificate for localhost
Creating Standalone Self-Signed Test Server Certificate (without CA Root)
Obtaining Test Server Certificate from Public Certificate Authority
Going to Production
Client Test Certificate
Creating Client Test Certificate using Root CA Certificate
Implementing SSL on Server
Web Server Configuration
Server Application Configuration
Server Application Code Changes
Implementing SSL on Client
Client Application Configuration
Client Application Code