Developing Secure Applications with Visual Basic

Davis Chapman is a professional developer with over 15 years of programming experience. Davis is a consultant who has provided application solutions for Fortune 500 companies which have included client/server, web-based and, of course, secure applications. Davis has written and contributed to several Macmillan titles including Sams Teach Yourself Visual C++ 6 in 21 Days, Web Development with Visual Basic 5, and Building Internet Applications with Delphi.

Introduction.


1. Understanding Encryption and Application Security.


Exploring Encryption. Using Certificates with Encryption. Digital Signatures. Message Enveloping. Secure Sockets Layer (SSL). Security and Audit Logs. Summary.



2. Getting Started with the CryptoAPI.


CryptoAPI and Cryptographic Service Providers. Listing CSPs and CSP Types. Summary.



3. Symmetric and Password Encryption.


Generating Hashes of Strings and Messages. Generating Symmetric Keys. Understanding Basic Encryption and Decryption. Building a Simple Encryption Application. Building a File Encryption/Decryption Utility. Summary.



4. Public/Private Key Communications.


Block Versus Stream Algorithms. Generating, Saving, and Retrieving Public/Private Keys. Exporting and Importing Keys. Building a Secure Messaging Utility. Summary.



5. Requesting and Retrieving Certificates.


Digital Certificates Explained. Acquiring Certificates. Building a Certificate Request Utility. Summary.



6. Working with Certificates.


Managing Certificate Stores. Managing Certificates and Certificate Contexts. Getting Information from Certificates. Building a Certificate Maintenance Utility. Summary.



7. Working with Certificate Revocation Lists.


Verifying Certificates Against a CA. Building and Maintaining a Certificate Revocation List. Managing a Certificate Revocation List. Summary.



8. Using Digital Signatures.


What Are Digital Signatures? Signing Messages and Verifying Signatures. Enveloping Messages. Building a Signing Utility. Summary.



9. DCOM Through SSL.


RDS and HTTP. DCOM Tunneling Through TCP/IP. Building a DCOM-HTTPS Application. Summary.



10. Understanding Windows 2000 Security and Security Descriptors.


Windows 2000 Security Overview. Fundamental Security Data Structures. Trustee-Based Access Control. Impersonating a Client. Summary.



11. Using NT Login Authentication.


Validating a Domain Login. Granting Account Permissions. Building a Login Validation Utility. Summary.



12. Working with Active Directory Security (ADSI) and an LDAP Server.


Active Directory and Security. Active Directory Object Schemas. Network Groups and Users. Examining Groups and Users. Summary.



13. Active Directory Security and Searching.


Active Directory Object Security. Searching Active Directory. Examining Active Directory Objects. Summary.



14. Developing with COM+ Security.


What Is COM+? COM+ and Security. Building Security-Aware COM+ Components. Summary.



15. Microsoft Certificate Server.


How Certificate Authorities Work. Generating a Root Certificate. Issuing, Managing, and Revoking Certificates. Summary.



16. Security Standards.


C2 Security. DES and RSA. PGP and Kerberos. Smart Cards and Tokens. Emerging Technologies and Standards. Summary.



17. Legal Issues of Digital Signatures and Encryption.


The Legal Implications of Digital Signatures: Is a Digital Signature a Legal Signature? Using Digital Certificates with Your Application. Encryption and Export Issues. Summary.



Appendix A. Cryptographic Service Providers.


Index.