Improving Web Application Security: Threats and Countermeasures
by Microsoft Corporation  ISBN:0735618429
Microsoft Press © 2003 (863 pages)

This guide helps you design, build, and configure hack-resilient Web applications that reduce the likelihood of successful attacks and mitigate the extent of damage should an attack occur.

Table of Contents
Improving Web Application Security: Threats and Countermeasures
Forewords
Introduction
Solutions at a Glance
Fast Track - How To Implement the Guidance
Part I -   Introduction to Threats and Countermeasures
Chapter 1 - Web Application Security Fundamentals
Chapter 2 - Threats and Countermeasures
Chapter 3 - Threat Modeling
Part II -   Designing Secure Web Applications
Chapter 4 - Design Guidelines for Secure Web Applications
Chapter 5 - Architecture and Design Review for Security
Part III -   Building Secure Web Applications
Chapter 6 - .NET Security Overview
Chapter 7 - Building Secure Assemblies
Chapter 8 - Code Access Security in Practice
Chapter 9 - Using Code Access Security with ASP.NET
Chapter 10 - Building Secure ASP.NET Pages and Controls
Chapter 11 - Building Secure Serviced Components
Chapter 12 - Building Secure Web Services
Chapter 13 - Building Secure Remoted Components
Chapter 14 - Building Secure Data Access
Part IV -   Securing Your Network, Host, and Application
Chapter 15 - Securing Your Network
Chapter 16 - Securing Your Web Server
Chapter 17 - Securing Your Application Server
Chapter 18 - Securing Your Database Server
Chapter 19 - Securing Your ASP.NET Application and Web Services
Chapter 20 - Hosting Multiple Web Applications
Part V -   Assessing Your Security
Chapter 21 - Code Review
Chapter 22 - Deployment Review
Related Security Resources
Index of Checklists
Checklist - Architecture and Design Review
Checklist - Securing ASP.NET
Checklist - Securing Web Services
Checklist - Securing Enterprise Services
Checklist - Securing Remoting
Checklist - Securing Data Access
Checklist - Securing Your Network
Checklist - Securing Your Web Server
Checklist - Securing Your Database Server
Checklist - Security Review for Managed Code
How To - Index
How To - Implement Patch Management
How To - Harden the TCP/IP Stack
How To - Secure Your Developer Workstation
How To - Use IPSec for Filtering Ports and Authentication
How To - Use the Microsoft Baseline Security Analyzer
How To - Use IISLockdown.exe
How To - Use URLScan
How To - Create a Custom Encryption Permission
How To - Use Code Access Security Policy to Constrain an Assembly
Index
List of Figures
List of Tables


This guide helps you to design, build, and configure hack-resilient Web applications. These are applications that reduce the likelihood of successful attacks and mitigate the extent of damage should an attack occur. The guide uses a three-layered approach: securing the network, securing the host, and securing the application. It addresses security across the three physical tiers: Web server, remote application server, and database server. At each tier, security is addressed at the network layer, the host layer, and the application layer. The guide is organized into security configuration categories that apply to the host and network, and into application vulnerability categories.

What this guide covers:

  • How to secure the network, host, and application
  • How to identify and evaluate threats using Threat Modeling
  • How to create a secure design
  • How to perform security review on existing architecture and design
  • How to write secure managed code
  • How to perform a security code review and deployment review