Positioning of This Guide | Improving Web Application Security: Threats and Countermeasures

This is Volume II in a series dedicated to helping customers plan, build, deploy, and operate secure Web applications: Volume I , Building Secure ASP.NET Applications : Authentication, Authorization, and Secure Communication , and Volume II, Improving Web Application Security: Threats and Countermeasures .

Volume I, Building Secure ASP.NET Applications

Building Secure ASP.NET Applications helps you to build a robust authentication and authorization mechanism for your application. It focuses on identity management through the tiers of a distributed Web application. By developing a solid authentication and authorization strategy early in the design, you can eliminate a high percentage of application security issues. The primary audience for Volume I is architects and lead developers.

Figure 5 shows the scope of Volume I. The guide addresses authentication, authorization, and secure communication across the tiers of a distributed Web application. The technologies that are covered are the same as the current guide and include Windows 2000 Server, IIS, ASP.NET Web applications and Web services, Enterprise Services, .NET Remoting, SQL Server, and ADO.NET.

Figure 5: Scope of Volume I, Building Secure ASP.NET Applications

Volume II, Improving Web Application Security

This guide helps you build and maintain hack-resilient applications. It takes a broader look at security across the tiers, focusing on threats and countermeasures at the network, host, and application levels. The intended audience is broader and the guidance can be applied throughout the product life cycle.

For additional related work, see the "Resources" chapter provided at the end of the guide.