Hacking the Code: ASP.NET Web Application Security

With so much resting on digital security in our modern world, it s a wonder that such a small percentage of Web sites use encryption. Perhaps the complexity and lack of application support make it difficult, but security is all about protecting data, and you cannot protect data without cryptography. Fortunately, ASP.NET provides an impressive set of cryptography-related classes to protect even the most sensitive data. Best of all, ASP.NET makes it easy to implement cryptography throughout your application.
But cryptography is about more than just ensuring the confidentiality of your data. In fact, cryptography plays many roles in data security, such as:
Ensuring data integrity
Guaranteeing privacy
Authenticating senders and recipients
Preventing repudiation
Data integrity involves proving that data has remained unmodified since a certain point in time. Privacy and confidentiality prevent others from accessing your data without your permission. Authentication is proving that the data came from the stated source and that it is accessible to only the stated recipient. Finally, repudiation is denying an action or ownership of data. Cryptography forces a user to acknowledge an action or concede ownership of data.
As you read this chapter, you will find concepts sometimes unique to the science of cryptography. Although a full discussion of the workings of cryptography is beyond the scope of this book, it is important to understand some of these concepts:
Plaintext The original unmodified, unprotected data., also known as cleartext.
Ciphertext The plaintext transformed in...