Flylib.com
List of Figures
Introduction
Figure 1: The scope of Improving Web Application Security: Threats and Countermeasures
Figure 2: Improving Web Application Security: Threats and Countermeasures as it relates to product lifecycle
Figure 3: Improving Web Application Security: Threats and Countermeasures as it relates to MSF
Figure 4: A holistic approach to security
Figure 5: Scope of Volume I, Building Secure ASP.NET Applications
Fast Track How To Implement the Guidance
Figure 1: The scope of the guide
Figure 2: A holistic approach to security
Figure 3: Host security categories
Figure 4: The Threat Modeling Process
Figure 5: Relationship of chapter to product life cycle
Chapter 1: Web Application Security Fundamentals
Figure 1.1: A holistic approach to security
Figure 1.2: Host security categories
Chapter 2: Threats and Countermeasures
Figure 2.1: Basic steps for attacking methodology
Chapter 3: Threat Modeling
Figure 3.1: An overview of the threat modeling process
Figure 3.2: Components of the threat model
Figure 3.3: Sample application architecture diagram
Figure 3.4: Targets for application decomposition
Figure 3.5: Representation of an attack tree
Chapter 4: Design Guidelines for Secure Web Applications
Figure 4.1: Web application design issues
Figure 4.2: Deployment considerations
Figure 4.3: A centralized approach to input validation
Figure 4.4: Input validation strategy: constrain, reject, and sanitize input
Figure 4.5: Impersonation model providing per end user authorization granularity
Figure 4.6: Trusted subsystem model that supports database connection pooling
Figure 4.7: Hybrid model
Chapter 5: Architecture and Design Review for Security
Figure 5.1: Application review
Chapter 6: .NET Security Overview
Figure 6.1: A logical view of (user) role-based security
Figure 6.2: Logical view of code-based security
Figure 6.3: .NET Framework security namespaces
Chapter 7: Building Secure Assemblies
Figure 7.1: Assembly-level threats
Chapter 8: Code Access Security in Practice
Figure 8.1: Code access security: a simplified view
Figure 8.2: Policy intersection across policy levels
Figure 8.3: Hierarchical code groups at a single policy level
Figure 8.4: The result of partial trust code calling a strong named assembly
Figure 8.5: An example of a luring attack with link demands
Chapter 9: Using Code Access Security with ASP.NET
Figure 9.1: Common resource types accessed from ASP.NET Web applications and associated permission types
Figure 9.2: Sandboxing privileged code in its own assembly, which asserts the relevant permission
Figure 9.3: Sandboxing OLE DB resource access
Chapter 10: Building Secure ASP.NET Pages and Controls
Figure 10.1: Common threats to ASP.NET Web pages and controls
Figure 10.2: A Web site partitioned into public and secure areas
Figure 10.3: Subdirectory for restricted pages that require authenticated access
Chapter 11: Building Secure Serviced Components
Figure 11.1: Serviced components in a middle-tier Enterprise Services application
Figure 11.2: Enterprise Services threats
Figure 11.3: Enterprise Services typical deployment configurations
Figure 11.4: Using a Web services façade layer to communicate with Enterprise Services using HTTP
Chapter 12: Building Secure Web Services
Figure 12.1: Main Web services threats
Chapter 13: Building Secure Remoted Components
Figure 13.1: Typical remoting deployment
Figure 13.2: Main remoting threat
Figure 13.3: Remoting in a trusted server scenario
Figure 13.4: Using custom encryption sinks
Chapter 14: Building Secure Data Access
Figure 14.1: Threats and attacks to data access code
Figure 14.2: Separation of presentation, business, and data access layers
Figure 14.3: Data access authorization, assembly, and database
Figure 14.4: Detailed exception information revealing sensitive data
Chapter 15: Securing Your Network
Figure 15.1: Network components: router, firewall, and switch
Chapter 16: Securing Your Web Server
Figure 16.1: Prominent Web server threats and common vulnerabilities
Figure 16.2: Web server configuration categories
Figure 16.3: Computer Management MMC snap-in Shares
Figure 16.4: Mapping application extensions
Figure 16.5: Removing unused ISAPI filters
Figure 16.6: Setting LocalIntranet_Zone code permissions to Nothing
Chapter 17: Securing Your Application Server
Figure 17.1: Remote application server deployment model
Figure 17.2: Top application server related threats and vulnerabilities
Figure 17.3: Typical Enterprise Services firewall port configuration
Figure 17.4: Typical Remoting firewall port configuration for HTTP and TCP channel scenarios
Figure 17.5: Remoting with the TCP channel and a Windows service host
Figure 17.6: Remoting with the HTTP channel and an ASP.NET host
Figure 17.7: Enabling role-based security
Figure 17.8: Enabling component-level access checks
Figure 17.9: DCOM impersonation levels
Chapter 18: Securing Your Database Server
Figure 18.1: Top database server threats and vulnerabilities
Figure 18.2: Database server security categories
Figure 18.3: Disabling all protocols except TCP/IP in the SQL Server Network Utility
Figure 18.4: Setting the Hide Server option from the Server Network Utility
Figure 18.5: SQL Server security properties
Chapter 19: Securing Your ASP.NET Application and Web Services
Figure 19.1: ASP.NET configuration files
Figure 19.2: Hierarchical configuration
Chapter 20: Hosting Multiple Web Applications
Figure 20.1: ASP.NET architecture on Windows 2000 with IIS 5
Figure 20.2: ASP.NET architecture on Windows Server 2003 with IIS 6
Figure 20.3: Multiple anonymous accounts used for each application
Figure 20.4: Applications impersonate a fixed account and use that to access resources
Chapter 22: Deployment Review
Figure 22.1: Core elements of a deployment review
Figure 22.2: Netstat output
How To: Implement Patch Management
Figure 1: MBSA scan options
Figure 2: Screenshot of the report details for a scanned machine
Figure 3: Missing patch indication
Figure 4: Patch cannot be confirmed indication
How To: Use IPSec for Filtering Ports and Authentication
Figure 5: IP Filter List dialog box
Figure 6: MyPolicy Properties dialog box
How To: Use the Microsoft Baseline Security Analyzer
Figure 7: SQL Server and MSDE specifics
How To: Create a Custom Encryption Permission
Figure 8: Custom EncryptionPermission inheritance hierarchy
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
Authors: Microsoft Corporation
flylib.com © 2008-2017.