List of Tables


Introduction

Table 1: Primary Technologies Addressed by This Guide
Table 2: Newsgroups

Fast Track How To Implement the Guidance

Table 1: Network Security Elements
Table 2: Application Vulnerability Categories
Table 3: Security Checklist
Table 4: RACI Chart

Chapter 1: Web Application Security Fundamentals

Table 1.1: Network Component Categories
Table 1.2: Rationale for Host Configuration Categories
Table 1.3: Application Vulnerability Categories
Table 1.4: Summary of Core Security Principles

Chapter 2: Threats and Countermeasures

Table 2.1: STRIDE Threats and Countermeasures
Table 2.2: Threats by Application Vulnerability Category

Chapter 3: Threat Modeling

Table 3.1: Implementation Technologies
Table 3.2: Creating a Security Profile
Table 3.3: Code Injection Attack Pattern
Table 3.4: Threat 1
Table 3.5: Threat 2
Table 3.6: Thread Rating Table
Table 3.7: DREAD rating
Table 3.8: Threat 1

Chapter 4: Design Guidelines for Secure Web Applications

Table 4.1: Web Application Vulnerabilities and Potential Problem Due to Bad Design
Table 4.2: Design Guidelines for Your Application

Chapter 5: Architecture and Design Review for Security

Table 5.1: Common Input Validation Vulnerabilities
Table 5.2: Common Authentication Vulnerabilities
Table 5.3: Common Authorization Vulnerabilities
Table 5.4: Common Configuration Management Vulnerabilities
Table 5.5: Common Vulnerabilities with Handling Sensitive Data
Table 5.6: Common Session Management Vulnerabilities
Table 5.7: Common Cryptography Vulnerabilities
Table 5.8: Common Parameter Manipulation Vulnerabilities
Table 5.9: Common Exception Management Vulnerabilities
Table 5.10: Common Auditing and Logging Vulnerabilities

Chapter 6: .NET Security Overview

Table 6.1: Principal and Identity Objects Per Authentication Type
Table 6.2: Permission Types Within the System.Security.Permissions Namespace

Chapter 7: Building Secure Assemblies

Table 7.1: A Comparison of Strong Names and Authenticode Signatures

Chapter 8: Code Access Security in Practice

Table 8.1: Secure Resources and Associated Permissions
Table 8.2: Privileged Operations and Associated Permissions

Chapter 9: Using Code Access Security with ASP.NET

Table 9.1: Restrictions Imposed by the ASP.NET Trust Levels
Table 9.2: ASP.NET Code Access Security Policy Substitution Parameters
Table 9.3: Default ASP.NET Policy Permissions and Trust Levels

Chapter 10: Building Secure ASP.NET Pages and Controls

Table 10.1: Options for Constraining and Sanitizing Data
Table 10.2: Useful Regular Expression Fields

Chapter 11: Building Secure Serviced Components

Table 11.1: Impersonation Levels

Chapter 12: Building Secure Web Services

Table 12.1: XSD Schema Element Examples

Chapter 14: Building Secure Data Access

Table 14.1: Code Access Security Permissions Required by ADO.NET Data Providers

Chapter 15: Securing Your Network

Table 15.1: Commonly Used ICMP Messages
Table 15.2: Source Addresses That Should be Filtered
Table 15.3: Snapshot of a Secure Network

Chapter 16: Securing Your Web Server

Table 16.1: IIS Installation Defaults
Table 16.2: .NET Framework Installation Defaults
Table 16.3: Password Policy Default and Recommended Settings
Table 16.4: Snapshot of a Secure Web Server
Table 16.5: Security Notification Services
Table 16.6: Industry Security Notification Services

Chapter 17: Securing Your Application Server

Table 17.1: Enterprise Services Components
Table 17.2: .NET Framework Enterprise Services Tools and Configuration Settings
Table 17.3: Enterprise Services Application Authentication Levels

Chapter 18: Securing Your Database Server

Table 18.1: SQL Server Installation Defaults
Table 18.2: Items Not to Install During Custom Installation
Table 18.3: Password Policy Default and Recommended Settings
Table 18.4: NTFS Permissions for SQL Server Service Account
Table 18.5: Snapshot of a Secure Database Server
Table 18.6: Security Notification Services
Table 18.7: Industry Security Notification Services

Chapter 19: Securing Your ASP.NET Application and Web Services

Table 19.1: Configuration File Locations
Table 19.2: Applying Configuration Settings
Table 19.3: Required NTFS Permissions for ASP.NET Process Accounts
Table 19.4: Snapshot of a Secure ASP.NET Application Configuration

Chapter 20: Hosting Multiple Web Applications

Table 20.1: Application Isolation Features for Windows 2000 and Windows Server 2003
Table 20.2: Components of the Windows 2000 ASP.NET Architecture
Table 20.3: Components of the Windows Server 2003 ASP.NET Architecture

Chapter 21: Code Review

Table 21.1: Possible Sources of Input
Table 21.2: Character Representation
Table 21.3: Dangerous Permissions

Chapter 22: Deployment Review

Table 22.1: Source Addresses that Should Be Filtered

How To: Harden the TCP/IP Stack

Table 1: Recommended Values
Table 2: Recommended Values
Table 3: Recommended Values
Table 4: Recommended Values
Table 5: Recommended Values

How To: Secure Your Developer Workstation

Table 6: Configuration: Categories
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613