List of Figures
Introduction
Figure 1: The scope of Improving Web Application Security: Threats and Countermeasures
Figure 2: Improving Web Application Security: Threats and Countermeasures as it relates to product lifecycle
Figure 3: Improving Web Application Security: Threats and Countermeasures as it relates to MSF
Figure 4: A holistic approach to security
Figure 5: Scope of Volume I, Building Secure ASP.NET Applications
Fast Track: How To Implement the Guidance
Figure 1: The scope of the guide
Figure 2: A holistic approach to security
Figure 3: Host security categories
Figure 4: The Threat Modeling Process
Figure 5: Relationship of chapter to product life cycle
Chapter 1: Web Application Security Fundamentals
Figure 1.1: A holistic approach to security
Figure 1.2: Host security categories
Chapter 2: Threats and Countermeasures
Figure 2.1: Basic steps for attacking methodology
Chapter 3: Threat Modeling
Figure 3.1: An overview of the threat modeling process
Figure 3.2: Components of the threat model
Figure 3.3: Sample application architecture diagram
Figure 3.4: Targets for application decomposition
Figure 3.5: Representation of an attack tree
Chapter 4: Design Guidelines for Secure Web Applications
Figure 4.1: Web application design issues
Figure 4.2: Deployment considerations
Figure 4.3: A centralized approach to input validation
Figure 4.4: Input validation strategy: constrain, reject, and sanitize input
Figure 4.5: Impersonation model providing per end user authorization granularity
Figure 4.6: Trusted subsystem model that supports database connection pooling
Figure 4.7: Hybrid model
Chapter 5: Architecture and Design Review for Security
Figure 5.1: Application review
Chapter 6: .NET Security Overview
Figure 6.1: A logical view of (user) role-based security
Figure 6.2: Logical view of code-based security
Figure 6.3: .NET Framework security namespaces
Chapter 7: Building Secure Assemblies
Figure 7.1: Assembly-level threats
Chapter 8: Code Access Security in Practice
Figure 8.1: Code access security: a simplified view
Figure 8.2: Policy intersection across policy levels
Figure 8.3: Hierarchical code groups at a single policy level
Figure 8.4: The result of partial trust code calling a strong named assembly
Figure 8.5: An example of a luring attack with link demands
Chapter 9: Using Code Access Security with ASP.NET
Figure 9.1: Common resource types accessed from ASP.NET Web applications and associated permission types
Figure 9.2: Sandboxing privileged code in its own assembly, which asserts the relevant permission
Figure 9.3: Sandboxing OLE DB resource access
Chapter 10: Building Secure ASP.NET Pages and Controls
Figure 10.1: Common threats to ASP.NET Web pages and controls
Figure 10.2: A Web site partitioned into public and secure areas
Figure 10.3: Subdirectory for restricted pages that require authenticated access
Chapter 11: Building Secure Serviced Components
Figure 11.1: Serviced components in a middle-tier Enterprise Services application
Figure 11.2: Enterprise Services threats
Figure 11.3: Enterprise Services typical deployment configurations
Figure 11.4: Using a Web services façade layer to communicate with Enterprise Services using HTTP
Chapter 12: Building Secure Web Services
Figure 12.1: Main Web services threats
Chapter 13: Building Secure Remoted Components
Figure 13.1: Typical remoting deployment
Figure 13.2: Main remoting threat
Figure 13.3: Remoting in a trusted server scenario
Figure 13.4: Using custom encryption sinks
Chapter 14: Building Secure Data Access
Figure 14.1: Threats and attacks to data access code
Figure 14.2: Separation of presentation, business, and data access layers
Figure 14.3: Data access authorization, assembly, and database
Figure 14.4: Detailed exception information revealing sensitive data
Chapter 15: Securing Your Network
Figure 15.1: Network components: router, firewall, and switch
Chapter 16: Securing Your Web Server
Figure 16.1: Prominent Web server threats and common vulnerabilities
Figure 16.2: Web server configuration categories
Figure 16.3: Computer Management MMC snap-in Shares
Figure 16.4: Mapping application extensions
Figure 16.5: Removing unused ISAPI filters
Figure 16.6: Setting LocalIntranet_Zone code permissions to Nothing
Chapter 17: Securing Your Application Server
Figure 17.1: Remote application server deployment model
Figure 17.2: Top application server related threats and vulnerabilities
Figure 17.3: Typical Enterprise Services firewall port configuration
Figure 17.4: Typical Remoting firewall port configuration for HTTP and TCP channel scenarios
Figure 17.5: Remoting with the TCP channel and a Windows service host
Figure 17.6: Remoting with the HTTP channel and an ASP.NET host
Figure 17.7: Enabling role-based security
Figure 17.8: Enabling component-level access checks
Figure 17.9: DCOM impersonation levels
Chapter 18: Securing Your Database Server
Figure 18.1: Top database server threats and vulnerabilities
Figure 18.2: Database server security categories
Figure 18.3: Disabling all protocols except TCP/IP in the SQL Server Network Utility
Figure 18.4: Setting the Hide Server option from the Server Network Utility
Figure 18.5: SQL Server security properties
Chapter 19: Securing Your ASP.NET Application and Web Services
Figure 19.1: ASP.NET configuration files
Figure 19.2: Hierarchical configuration
Chapter 20: Hosting Multiple Web Applications
Figure 20.1: ASP.NET architecture on Windows 2000 with IIS 5
Figure 20.2: ASP.NET architecture on Windows Server 2003 with IIS 6
Figure 20.3: Multiple anonymous accounts used for each application
Figure 20.4: Applications impersonate a fixed account and use that to access resources
Chapter 22: Deployment Review
Figure 22.1: Core elements of a deployment review
Figure 22.2: Netstat output
How To: Implement Patch Management
Figure 1: MBSA scan options
Figure 2: Screenshot of the report details for a scanned machine
Figure 3: Missing patch indication
Figure 4: Patch cannot be confirmed indication
How To: Use IPSec for Filtering Ports and Authentication
Figure 5: IP Filter List dialog box
Figure 6: MyPolicy Properties dialog box
How To: Use the Microsoft Baseline Security Analyzer
Figure 7: SQL Server and MSDE specifics
How To: Create a Custom Encryption Permission
Figure 8: Custom EncryptionPermission inheritance hierarchy
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613
Authors:
Microsoft Corporation