Foreword by Erik Olson

Previous page
Table of content
Next page

For many years , application security has been a craft learned by apprenticeship. Unfortunately, the stakes are high and the lessons hard. Most agree that a better approach is needed: we must understand threats, use these hard lessons to develop sound practices, and use solid research practices to provide layers of defense.

Web applications are the portals to many corporate secrets. Whether they sit on the edge of the lawless Internet frontier or safeguard the corporate payroll, these applications are a popular target for all sorts of mischief. Web application developers cannot afford to be uncertain about the risks to their applications or the remedies that mitigate these risks. The potential for damage and the variety of threats is staggering, both from within and without. However, while many threats exist, the remedies can be crystallized into a tractable set of practices and procedures that can mitigate known threats and help to guard against the next unknown threat.

The .NET Framework and the Common Language Runtime were designed and built with these threats in mind. They provide a powerful platform for writing secure applications and a rich set of tools for validating and securing application assets. Note, however, that even powerful tools must be guided by careful hands.

This guide presents a clear and structured approach to dealing with Web application security. In it, you will find the building blocks that enable you to build and deploy secure Web applications using ASP.NET and the .NET Framework.

The guide begins with a vocabulary for understanding the jargon-rich language of security spoken by programmers and security professionals. It includes a catalog of threats faced by Web applications and a model for identifying threats relevant to a given scenario. A formal model is described for identifying, classifying, and understanding threats so that sound designs and solid business decisions can be made.

The text provides a set of guidelines and recommended design and programming practices. These guidelines are the collective wisdom that comes from a deep analysis of both mistakes that have been made and mistakes that have been successfully avoided.

The tools of the craft provided by ASP.NET and the .NET Framework are introduced, with detailed guidance on how to use them. Proven patterns and practices for writing secure code, using data, and building Web applications and services are all documented.

Sometimes the desired solution is not the easiest path . To make it faster and easier to end up in the right place, the authors have carefully condensed relevant sample code from real-world applications into building blocks.

Finally, techniques for assessing application security are provided. The guide contains a set of detailed checklists that can be used as guidelines for new applications or tools to evaluate existing projects.

Whether you're just starting on your apprenticeship in Web application security or have already mastered many of the techniques, you'll find this guide to be an indispensable aid that will help you build more secure Web applications.

Erik Olson

Program Manager, ASP.NET Product Team
Microsoft Corp.



Previous page
Table of content
Next page
Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
Authors: Microsoft Corporation
BUY ON AMAZON
SQL Hacks
C++ How to Program (5th Edition)
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
Programming Microsoft ASP.NET 3.5
InDesign Type: Professional Typography with Adobe InDesign CS2
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy