Rating: 0 out of 5 stars
0 ratings
Ebook52 pages18 minutes
Securing .NET Web Services with SSL: How to Protect “Data in Transit” between Client and Remote Server
By Slava Gomzin
Rating: 0 out of 5 stars
()
About this ebook
Booklet for developers and security professionals on how to implement SSL in order to protect data transmission between .NET client and server. The guide contains examples of the client application code and certificate validations in C#.
Topics include: what is SSL certificate and how to use it to secure .NET Web Services, how to create server and client test certificates, implementing SSL in server and client applications, extra validations of server certificate on client side, and more (Article: ~3,300 words).
Table of Contents includes:
Introduction
Vulnerabilities Due To Insecure Communication
Difference between SSL and TLS
Securing Data Transmission with SSL
Different Levels of Security Provided by SSL
SSL Implementation Modes
Server Certificate Only
Server and Client Certificates
SSL Certificates
Certificate Issuing Methods
Self-Signed Certificate
Certificate Issued Using Self-Signed Root Certificate
Certificate Issued through Local Certificate Authority
Certificate Issued through Public Certificate Authority
Test Certificates
Server Test Certificates
Creating Test Certificate Authority
Creating Server Test Certificate for Specific Server Host Name
Creating Server Test Certificate for localhost
Creating Standalone Self-Signed Test Server Certificate (without CA Root)
Obtaining Test Server Certificate from Public Certificate Authority
Going to Production
Client Test Certificate
Creating Client Test Certificate using Root CA Certificate
Implementing SSL on Server
Web Server Configuration
Server Application Configuration
Server Application Code Changes
Implementing SSL on Client
Client Application Configuration
Client Application Code Changes
Additional Server Certificate Validations Performed by Client
Testing
Conclusion
Resources
About the Author
Slava Gomzin, CISSP, PCI ISA, PCIP, ECSP, Security+ has more than 15 years of professional experience in software development and security including
12 years in application development for retail industry and electronic payments,
10 years in .NET and SQL Server development,
6 years in application security and PCI compliance.
Slava Gomzin is Security Architect at Retalix USA. He lives in Dallas, Texas.
Author
Slava Gomzin
Slava Gomzin is a Security and Payments Technologist at Hewlett-Packard, where he helps create products that are integrated into modern payment processing ecosystems using the latest security and payments technologies. Prior to joining Hewlett-Packard, Slava was a security architect, corporate product security officer, R&D and application security manager, and development team leader at Retalix, a Division of NCR Retail. As PCI ISA, he focused on security and PA-DSS, PCI DSS, and PCI P2PE compliance of POS systems, payment applications, and gateways. Before moving into security, Slava worked in R&D on design and implementation of new products including next-generation POS systems and various interfaces to payment gateways and processors. Slava currently holds CISSP, PCIP, ECSP, and Security+ certifications. He blogs about payment security at www.gomzin.com.
Read more from Slava Gomzin
Hiding Web Traffic with SSH: How to Protect Your Internet Privacy against Corporate Firewall or Insecure Wireless Protecting Confidential Information: How to Securely Store Sensitive Data Rating: 0 out of 5 stars0 ratingsSecuring Email Communication: How to Protect Your Correspondence from Wiretapping Using Free Tools Rating: 0 out of 5 stars0 ratingsSecuring Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build Rating: 0 out of 5 stars0 ratings
Related to Securing .NET Web Services with SSL
Related ebooks
Dictionary of Information Security Rating: 1 out of 5 stars1/5Web Application Firewall Assurance Rating: 0 out of 5 stars0 ratingsDefense in Depth: An Impractical Strategy for a Cyber-World Rating: 5 out of 5 stars5/5Eleventh Hour Linux+: Exam XK0-003 Study Guide Rating: 4 out of 5 stars4/5Application security in the ISO27001:2013 Environment Rating: 4 out of 5 stars4/510 Things That Used to be Good Ideas in Data Security Rating: 0 out of 5 stars0 ratingsCheckPoint NG VPN 1/Firewall 1: Advanced Configuration and Troubleshooting Rating: 5 out of 5 stars5/5Nessus Network Auditing Rating: 0 out of 5 stars0 ratingsUTM Security with Fortinet: Mastering FortiOS Rating: 5 out of 5 stars5/5Practical VoIP Security Rating: 0 out of 5 stars0 ratingsCISSP Study Guide Rating: 3 out of 5 stars3/5Professional Help: How to Prevent and Fix Malware, Viruses, Spyware and Other Baddies Rating: 0 out of 5 stars0 ratingsSSCP Systems Security Certified Practitioner Study Guide and DVD Training System Rating: 0 out of 5 stars0 ratingsSecurity Risk Management: Building an Information Security Risk Management Program from the Ground Up Rating: 4 out of 5 stars4/5OWNED: Why hacking continues to be a problem Rating: 0 out of 5 stars0 ratingsMastering Windows Server 2016 Hyper-V Rating: 5 out of 5 stars5/5Managing Cisco Network Security Rating: 3 out of 5 stars3/5Technological Turf Wars: A Case Study of the Computer Antivirus Industry Rating: 0 out of 5 stars0 ratingsComputer and Information Security Handbook Rating: 2 out of 5 stars2/5IT Manager's Handbook: Getting your New Job Done Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Certification Study Guide: Exam SY0-201 3E Rating: 0 out of 5 stars0 ratingsThe Best Damn Cisco Internetworking Book Period Rating: 5 out of 5 stars5/5Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816 Preparation Kit Rating: 2 out of 5 stars2/5No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing Rating: 4 out of 5 stars4/5
Related podcast episodes
Compressing Certificates in TLS | The Backend Engineering Show 0% found this document usefulEpisode 411: JSJ 406: Security in Node 0% found this document usefulFirefox re-enables TLS 1.0 & TLS 1.1 to allow access to legacy websites hosting COVID19 information 0% found this document usefulMatt Holt on CaddyServer, the ACME Protocol, TLS 0% found this document useful#104 – David Wong: Many Layers of Complexity 0% found this document usefulS15:E6 - What is cryptography and how to get into it ( Marcus Carey): Get out your decoder rings and take a listen 0% found this document usefulTLS - Live Stream (by Hussein Nasser) 0% found this document usefulEpisode 99 - TLS 0% found this document usefulTake 1 Security Podcast: Episode 8 0% found this document usefulEnvoy Proxy Crash Course, Architecture, L7 & L4 Proxying, HTTP/2, Enabling TLS 1.2/1.3 and more 0% found this document useful
Related articles
Understanding The Power Of Certificates Linux FormatArticle
Understanding The Power Of Certificates
Jan 1, 1970
8 min readPeripherals MacFormatArticle
Peripherals
Jan 1, 1970
Is there a hub with three USB-C ports yet? Yes, but it comes with a ‘free’ built-in LG UltraFine 4K display. That offers one additional Thunderbolt 3 port, and three USB-C. Smaller hubs are becoming available now: Belkin promises one with two USB-C p
1 min readMore On Let’s Encrypt Linux FormatArticle
More On Let’s Encrypt
Jan 1, 1970
Let’s Encrypt launched in 2016 and offers both individuals and organisations a way to obtain completely free TLS (historically called SSL) certificates, allowing traffic to be encrypted between a web browser and server. Let’s Encrypt makes use of a c
1 min readLetter of the Month MacLifeArticle
Letter of the Month
Jan 1, 1970
I read with much interest your article on email encryption in issues #121 and #122. The step-bystep instructions are very useful for those who never set up email encryption or know about digital certificates. I would like to recommend that in a futur
2 min readTypical Certificate-related Errors Linux FormatArticle
Typical Certificate-related Errors
Jan 1, 1970
Certificates have a start and end date. When the browser connects to a web page or even if an apt-get update connects to a digitally signed update repository, it checks the local machine time against the certificate validity date and if the time and
1 min readServer Install TechLifeArticle
Server Install
Jan 1, 1970
One way to share access with other users – or to give yourself access to your own collections from multiple devices on your network – is to install the server version of Data Crow. Like the client, it requires Java, so can run on any server that supp
1 min readAn A-Z Of Web Hosting Security Best Practice PC Pro MagazineArticle
An A-Z Of Web Hosting Security Best Practice
Jan 1, 1970
Online breaches are big news and have big impacts on big business. But what about the small business operators? The ones who can’t afford to outsource their web security, let alone to fund in-house security teams? More often than not, these businesse
8 min readSecure Your Server Maximum PCArticle
Secure Your Server
Jan 1, 1970
The basic Bitwardenrs server is up and running, but there are key elements missing: One, there’s no security, and two, you can’t access the server outside your local network. To see what’s required, visit the Bitwardenrs wiki (https://github.com/dani
1 min readAndroid 7.1 Internet Woes Linux FormatArticle
Android 7.1 Internet Woes
Jan 1, 1970
Devices running Android 7.1 or earlier, may find the internet getting smaller in 2021. Let’s Encrypt, one of the world’s biggest certificate authorities, with around 30 per cent of all web domains using its certificates, is ending its partnership wit
1 min readSecure Your Server APCArticle
Secure Your Server
Jan 1, 1970
The basic Bitwardenrs server is up and running, but there are key elements missing: One, there’s no security, and two, you can’t access the server outside your local network. To see what’s required, visit the Bitwardenrs wiki (https://github.com/ dan
1 min readHow Apple Sweats The Security Details – And Sometimes Gets It Wrong Macworld UKArticle
How Apple Sweats The Security Details – And Sometimes Gets It Wrong
Jan 1, 1970
3 min readBuild A Linux Smart Home Office APCArticle
Build A Linux Smart Home Office
Jan 1, 1970
18 min readEverything You Should Know About Cybersecurity Automation TechfastlyArticle
Everything You Should Know About Cybersecurity Automation
Jan 1, 1970
6 min readTHIS MONTH News & Views Italia magazineArticle
THIS MONTH News & Views
Jan 1, 1970
Q Could you explain what a Certificate of Habitability (certificato di abitabilità) is? We have been advised to check that one is available when looking for a property to buy in Italy. A The certificate of habitability certifies that conditions of sa
1 min readInstalling Zulip Linux FormatArticle
Installing Zulip
Jan 1, 1970
1 min readPull, Configure And Run Linux FormatArticle
Pull, Configure And Run
Jan 1, 1970
Guacamole offers ready-to-run installation packages that are available for Linux distros such as CentOS or Debian. However, the thrust of this article is to illustrate running Guacamole in a Docker container context. Fire up an environment where you
8 min readNetSupport Manager 12.8 PC Pro MagazineArticle
NetSupport Manager 12.8
Jan 1, 1970
2 min readEasy Https With Certbot Linux FormatArticle
Easy Https With Certbot
Jan 1, 1970
Certbot is a tool from the Electronic Frontier Foundation that automates the generating and updating of free SSL certificates from Let’s Encrypt. This enables you to serve content over HTTPS, which provides encryption, but also some guarantees that y
1 min readSome Nevada Governments Using Blockchain For Public Records AppleMagazineArticle
Some Nevada Governments Using Blockchain For Public Records
Jan 1, 1970
1 min readPut The Multi Into Multiplayer Linux FormatArticle
Put The Multi Into Multiplayer
Jan 1, 1970
Setting up a multiplayer game requires a client/server configuration. Open the ip_port_to_connect.txt file and alter the second line to include your player’s name or alias. The third line will be the IP address of the computer running the server prog
1 min readSome Nevada Governments Using Blockchain For Public Records TechLife NewsArticle
Some Nevada Governments Using Blockchain For Public Records
Jan 1, 1970
1 min readManaging Expectations Linux FormatArticle
Managing Expectations
Jan 1, 1970
"We took on some new (to us) Linux servers onto support recently. Both the client and we knew that there was a lot of work needed to make them secure and reliable. It can be daunting when the work required looks like a mountain, and you’re standing a
1 min readNot All Certificate Authorities Are Equal Linux FormatArticle
Not All Certificate Authorities Are Equal
Jan 1, 1970
As we have discussed, certificate authorities can sign many different types of certificates. However, a root CA should only ever really be used to create subordinate CAs. While this adds more complexity, the reason for this is that should one sub CA
1 min readLXF’s NEW $HOME Linux FormatArticle
LXF’s NEW $HOME
Jan 1, 1970
7 min readServer Install Maximum PCArticle
Server Install
Jan 1, 1970
One way to share access with other users—or to give yourself access to your own collections from multiple devices on your network—is to install the server version of Data Crow. Like the client, it requires Java, so can run on any server that supports
1 min readQuick Tip Linux FormatArticle
Quick Tip
Jan 1, 1970
Don’t forget to do the Nextcloud security scan, which will ensure your server is kept safe. It’ll warn you about potential issues with your SSL configuration and more. Apply a bit of colour to your setup by adding an avatar to your Nextcloud accoun
1 min readYour First Three Containers Maximum PCArticle
Your First Three Containers
Jan 1, 1970
Containers are easy to create and destroy; if you’re looking to experiment, start with these three simple containers. Booksonic-air (https://hub.docker.com/r/linuxserver/booksonic-air): Create your own audiobook streaming server as featured in the Ho
1 min readJitsi Meet Linux FormatArticle
Jitsi Meet
Jan 1, 1970
4 min readGoing For Gold! Linux FormatArticle
Going For Gold!
Jan 1, 1970
Keith Edmunds is MD of Tiger Computing Ltd, which provides support for businesses using Linux. “A would-be client put in a request: “Can you give us a gold disk so that we can create more servers?” Now I needed to tell them that, unfortunately, they’
1 min readStarletter PC Pro MagazineArticle
Starletter
Jan 1, 1970
We have used Sage Line 50 accounts software for many years. Like most users we don’t use half of the facilities and only upgrade when necessary. We prefer to buy software outright and we like to have it running on our own server so that if the intern
2 min read
Reviews for Securing .NET Web Services with SSL
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
Securing .NET Web Services with SSL - Slava Gomzin
Securing .NET Web Services with SSL
How to Protect Data in Transit
between Client and Remote Server
Application Security Series
Slava Gomzin
Cover Photo and Design: Alisa Levy
Smashwords Edition
Copyright © 2012 Slava Gomzin
Table of Contents
Introduction
Vulnerabilities Due To Insecure Communication
Difference between SSL and TLS
Securing Data Transmission with SSL
Different Levels of Security Provided by SSL
SSL Implementation Modes
Server Certificate Only
Server and Client Certificates
SSL Certificates
Certificate Issuing Methods
Self-Signed Certificate
Certificate Issued Using Self-Signed Root Certificate
Certificate Issued through Local Certificate Authority
Certificate Issued through Public Certificate Authority
Test Certificates
Server Test Certificates
Creating Test Certificate Authority
Creating Server Test Certificate for Specific Server Host Name
Creating Server Test Certificate for localhost
Creating Standalone Self-Signed Test Server Certificate (without CA Root)
Obtaining Test Server Certificate from Public Certificate Authority
Going to Production
Client Test Certificate
Creating Client Test Certificate using Root CA Certificate
Implementing SSL on Server
Web Server Configuration
Server Application Configuration
Server Application Code Changes
Implementing SSL on Client
Client Application Configuration
Client Application Code
Enjoying the preview?
Page 1 of 1