


Proposed List of Snippets


Categories

* Auditing and Logging
* Administration
* Authentication and User Management
* Authorization
* Communications Security
* Configuration Management
* Cryptography
* Database Connectivity
* Exception Management
* Input and Data Validation
* I/O
* Registry
* Session Management
* Web Services

Candidates

Auditing and Logging
* Log a normal application event
* Log an event relating to sensitive data (SSN, credit card data)
  * Logging sensitive data would be limited to masking or one-way hashing SSNs, credit card data, etc.
Administration
* Add a Windows Domain Application User Account
* Add a SQL Membership User Account
* Add a Passport Application User Account
* Impersonate a User
* Update a user’s password
Authentication and User Management
* Authenticate a User using
  * Passport
  * NTLM/Windows Auth
  * ActiveDirectory Membership Provider
  * Application Account Store
  * SQL Membership
  * Native LDAP Authentication via secure LDAP bind as user
  * Client certificates
* Change a user’s password
* Generate a strong random password
* Implement password policy
  * Complexity requirements
  * Password expiration and history
Authorization
* Modify an ACL on an Object (overly broad; needs down-scoping)
Communications Security
* Create an encrypted connection to a remote port using SSL
* Create an encrypted connection to a remote port using TLS
* Encrypt an Email using S/MIME
Configuration Management
* Store a sensitive value in a configuration file (DPAPI)
* Read an encrypted value from a configuration (DPAPI)
Cryptography
* Symmetric Encryption
  * Create an encryption key and Initialization Vector
  * Encrypt a value using a block cipher
    * 3DES
    * AES
  * Encrypt a value using a stream cipher
    * RC4
  * Generate a MAC
* Public Key Encryption
  * Create a public key pair
    * RSA
  * Encrypt a value using a public key
    * RSA
  * Perform a key exchange with a remote entity
    * Diffie-Hellman key exchange
  * Create a digital certificate
* Public Key Signatures
  * Sign a message using private key
    * RSA
  * Validate a message using sender’s public key
    * RSA
* Cryptographic Hashes
  * Hash a String Using a Random Salt
    * SHA-1 (or SHA256?)
    * MD5
* Misc
  * Generate a cryptographically secure random number
  * Store a value in the registry using DPAPI
Database Connectivity
* Execute a query using a prepared statement
* Execute a query using a stored procedure
* Protect credentials within a connection string
Exception Management
* Catch an exception for a business critical action
* Catch an exception when handling a system resource
* Return an error code to the user that maps to a specific exception event
Input and Data Validation
* Safely obtain input from Request object
* Validate input for expected syntax using regular expressions
  * Off-the-shelf validators for common types
    * Name, Address, Email, URL, Phone, Credit Card, Username, Password, SSN, etc.
* Validate other types of input fields
  * Filter for a mask field
  * Filter for a numeric field
  * Filter for a free-text field
* Encode output
  * containing HTML/XML
  * containing JavaScript
I/O
* File
  * Create a temporary file which avoids canonicalization and race conditions
  * Read from a file on disk
  * Create a new file on disk
  * Append to a file on disk
  * Generate a file download operation (avoiding header injection issues)
* Process
  * Exec a new process
Registry
* Protect a key
* Check a key’s permission
Session Management
* Create a session ID
* Associate user data with a session
* Look up user data from session
* Validate a Session ID
* Create an encrypted & signed cookie value for use by another application
* Create an application cookie with proper modes (HttpOnly, Secure, restrictive hosts/paths, etc.)
* Encrypting the ViewState
Web Services
* Perform XML schema validation of payload
* Call a web service using SSL
* Call a web service using client certificates


