Table of Contents |
| Improving Web Application Security: Threats and Countermeasures |
| Forewords |
| Introduction |
| Solutions at a Glance |
| Fast Track - How To Implement the Guidance |
| Part I - Introduction to Threats and Countermeasures |
| Chapter 1 | - | Web Application Security Fundamentals |
| Chapter 2 | - | Threats and Countermeasures |
| Chapter 3 | - | Threat Modeling |
| Part II - Designing Secure Web Applications |
| Chapter 4 | - | Design Guidelines for Secure Web Applications |
| Chapter 5 | - | Architecture and Design Review for Security |
| Part III - Building Secure Web Applications |
| Chapter 6 | - | .NET Security Overview |
| Chapter 7 | - | Building Secure Assemblies |
| Chapter 8 | - | Code Access Security in Practice |
| Chapter 9 | - | Using Code Access Security with ASP.NET |
| Chapter 10 | - | Building Secure ASP.NET Pages and Controls |
| Chapter 11 | - | Building Secure Serviced Components |
| Chapter 12 | - | Building Secure Web Services |
| Chapter 13 | - | Building Secure Remoted Components |
| Chapter 14 | - | Building Secure Data Access |
| Part IV - Securing Your Network, Host, and Application |
| Chapter 15 | - | Securing Your Network |
| Chapter 16 | - | Securing Your Web Server |
| Chapter 17 | - | Securing Your Application Server |
| Chapter 18 | - | Securing Your Database Server |
| Chapter 19 | - | Securing Your ASP.NET Application and Web Services |
| Chapter 20 | - | Hosting Multiple Web Applications |
| Part V - Assessing Your Security |
| Chapter 21 | - | Code Review |
| Chapter 22 | - | Deployment Review |
| Related Security Resources |
| Index of Checklists |
| Checklist | - | Architecture and Design Review |
| Checklist | - | Securing ASP.NET |
| Checklist | - | Securing Web Services |
| Checklist | - | Securing Enterprise Services |
| Checklist | - | Securing Remoting |
| Checklist | - | Securing Data Access |
| Checklist | - | Securing Your Network |
| Checklist | - | Securing Your Web Server |
| Checklist | - | Securing Your Database Server |
| Checklist | - | Security Review for Managed Code |
| How To | - | Index |
| How To | - | Implement Patch Management |
| How To | - | Harden the TCP/IP Stack |
| How To | - | Secure Your Developer Workstation |
| How To | - | Use IPSec for Filtering Ports and Authentication |
| How To | - | Use the Microsoft Baseline Security Analyzer |
| How To | - | Use IISLockdown.exe |
| How To | - | Use URLScan |
| How To | - | Create a Custom Encryption Permission |
| How To | - | Use Code Access Security Policy to Constrain an Assembly |
| Index |
| List of Figures |
| List of Tables |