Securing .NET Web Services with SSL: How to Protect “Data in Transit” between Client and Remote Server
By Slava Gomzin
About this ebook
Booklet for developers and security professionals on how to implement SSL in order to protect data transmission between .NET client and server. The guide contains examples of the client application code and certificate validations in C#.
Topics include: what an SSL certificate is and how to use it to secure .NET Web Services, how to create server and client test certificates, implementing SSL in server and client applications, extra validations of the server certificate on the client side, and more (Article: ~3,300 words).
Table of Contents includes:
Introduction
Vulnerabilities Due To Insecure Communication
Difference between SSL and TLS
Securing Data Transmission with SSL
Different Levels of Security Provided by SSL
SSL Implementation Modes
Server Certificate Only
Server and Client Certificates
SSL Certificates
Certificate Issuing Methods
Self-Signed Certificate
Certificate Issued Using Self-Signed Root Certificate
Certificate Issued through Local Certificate Authority
Certificate Issued through Public Certificate Authority
Test Certificates
Server Test Certificates
Creating Test Certificate Authority
Creating Server Test Certificate for Specific Server Host Name
Creating Server Test Certificate for localhost
Creating Standalone Self-Signed Test Server Certificate (without CA Root)
Obtaining Test Server Certificate from Public Certificate Authority
Going to Production
Client Test Certificate
Creating Client Test Certificate using Root CA Certificate
Implementing SSL on Server
Web Server Configuration
Server Application Configuration
Server Application Code Changes
Implementing SSL on Client
Client Application Configuration
Client Application Code Changes
Additional Server Certificate Validations Performed by Client
Testing
Conclusion
Resources
About the Author
Slava Gomzin, CISSP, PCI ISA, PCIP, ECSP, Security+ has more than 15 years of professional experience in software development and security, including:
12 years in application development for the retail industry and electronic payments,
10 years in .NET and SQL Server development,
6 years in application security and PCI compliance.
Slava Gomzin is Security Architect at Retalix USA. He lives in Dallas, Texas.
Slava Gomzin
Slava Gomzin is a Security and Payments Technologist at Hewlett-Packard, where he helps create products that are integrated into modern payment processing ecosystems using the latest security and payments technologies. Prior to joining Hewlett-Packard, Slava was a security architect, corporate product security officer, R&D and application security manager, and development team leader at Retalix, a Division of NCR Retail. As PCI ISA, he focused on security and PA-DSS, PCI DSS, and PCI P2PE compliance of POS systems, payment applications, and gateways. Before moving into security, Slava worked in R&D on design and implementation of new products including next-generation POS systems and various interfaces to payment gateways and processors. Slava currently holds CISSP, PCIP, ECSP, and Security+ certifications. He blogs about payment security at www.gomzin.com.
Book preview
Securing .NET Web Services with SSL - Slava Gomzin
Securing .NET Web Services with SSL
How to Protect Data in Transit
between Client and Remote Server
Application Security Series
Slava Gomzin
Cover Photo and Design: Alisa Levy
Smashwords Edition
Copyright © 2012 Slava Gomzin