Implementing the Guidance


The guidance throughout the guide is task-based and modular, and each chapter relates to the various stages of the product development life cycle and the various roles involved. These roles include architects, developers, system administrators, and security professionals. You can pick specific chapters to perform a particular task or use a series of chapters for a phase of the product development life cycle.

The checklist shown in Table 3 highlights the areas covered by this guide that are required to secure your network, host, and application.

Table 3: Security Checklist

Check   Description

[ ]     Educate your teams about the threats that affect the network, host, and application layers. Identify common vulnerabilities and attacks, and learn countermeasures. For more information, see Chapter 2, "Threats and Countermeasures."

[ ]     Create threat models for your Web applications. For more information, see Chapter 3, "Threat Modeling."

[ ]     Review and implement your company's security policies. If you do not have security policies in place, create them. For more information about creating security policies, see "Security Policy Issues" at the SANS Info Sec Reading Room at http://www.sans.org/rr/catindex.php?cat_id=50.

[ ]     Review your network security. For more information, see Chapter 15, "Securing Your Network."

[ ]     Patch and update your servers. Review your server security settings and compare them with the snapshot of a secure server. For more information, see "Snapshot of a Secure Web Server" in Chapter 16, "Securing Your Web Server."

[ ]     Educate your architects and developers about Web application security design guidelines and principles. For more information, see Chapter 4, "Design Guidelines for Secure Web Applications."

[ ]     Educate your architects and developers about writing secure managed code. For more information, see Chapter 7, "Building Secure Assemblies" and Chapter 8, "Code Access Security in Practice."

[ ]     Secure your developer workstations. For more information, see "How To: Secure Your Developer Workstation" in the "How To" section of this guide.

[ ]     Review the designs of new Web applications and of existing applications. For more information, see Chapter 5, "Architecture and Design Review for Security."

[ ]     Educate developers about how to perform code reviews. Perform code reviews for applications in development. For more information, see Chapter 21, "Code Review."

[ ]     Perform deployment reviews of your applications to identify potential security vulnerabilities. For more information, see Chapter 22, "Deployment Review."

Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613