A booklet for developers and security professionals on how to implement SSL to protect data transmission between a .NET client and server. The guide contains examples of client application code and certificate validations in C#.
Topics include: what an SSL certificate is and how to use it to secure .NET Web Services, how to create server and client test certificates, implementing SSL in server and client applications, extra validations of the server certificate on the client side, and more (Article: ~3,300 words).
Table of Contents includes: Introduction; Vulnerabilities Due To Insecure Communication; Difference between SSL and TLS; Securing Data Transmission with SSL; Different Levels of Security Provided by SSL; SSL Implementation Modes; Server Certificate Only; Server and Client Certificates; SSL Certificates; Certificate Issuing Methods; Self-Signed Certificate; Certificate Issued Using Self-Signed Root Certificate; Certificate Issued through Local Certificate Authority; Certificate Issued through Public Certificate Authority; Test Certificates; Server Test Certificates; Creating Test Certificate Authority; Creating Server Test Certificate for Specific Server Host Name; Creating Server Test Certificate for localhost; Creating Standalone Self-Signed Test Server Certificate (without CA Root); Obtaining Test Server Certificate from Public Certificate Authority; Going to Production; Client Test Certificate; Creating Client Test Certificate using Root CA Certificate; Implementing SSL on Server; Web Server Configuration; Server Application Configuration; Server Application Code Changes; Implementing SSL on Client; Client Application Configuration; Client Application Code Changes; Additional Server Certificate Validations Performed by Client; Testing; Conclusion; Resources; About the Author.
Slava Gomzin, CISSP, PCI ISA, PCIP, ECSP, Security+, has more than 15 years of professional experience in software development and security, including 12 years in application development for the retail industry and electronic payments, 10 years in .NET and SQL Server development, and 6 years in application security and PCI compliance. Slava Gomzin is Security Architect at Retalix USA. He lives in Dallas, Texas.
Slava Gomzin is a Security and Payments Technologist at Hewlett-Packard, where he helps create products that are integrated into modern payment processing ecosystems using the latest security and payments technologies. Prior to joining Hewlett-Packard, Slava was a security architect, corporate product security officer, R&D and application security manager, and development team leader at Retalix, a Division of NCR Retail. As a PCI ISA, he focused on security and PA-DSS, PCI DSS, and PCI P2PE compliance of POS systems, payment applications, and gateways. Before moving into security, Slava worked in R&D on the design and implementation of new products, including next-generation POS systems and various interfaces to payment gateways and processors. Slava currently holds CISSP, PCIP, ECSP, and Security+ certifications. He blogs about payment security at www.gomzin.com.