Web application security must be addressed across application tiers and at multiple layers. An attacker can exploit weaknesses at any layer. For this reason, the guide takes a holistic approach to application security and applies it at all three layers. This holistic approach to security is shown in Figure 2.
Figure 2 shows the multiple layers covered by the guide, including the network, host, and application. The host layer covers the operating system, platform services and components, and run-time services and components. Platform services and components include Microsoft SQL Server 2000 and Enterprise Services. Run-time services and components include ASP.NET and .NET code access security, among others.