Foreword by Michael Howard


The notion that security is only as good as the weakest link is as valid today as it was 15 or so years ago, and it is especially true in today's Web-enabled applications. This truism was emphasized during the eWeek OpenHack contest of October 2002, when various software vendors were pitted against each other in the most hostile of environments: the Internet. During the contest, the computer running Oracle 9i Application Server was compromised in a little over two hours. The defect, that of not checking that user input was well formed and correct, was not in the core Oracle software. The error lay in the custom application that rode atop the server software. The same error could easily have occurred in any Web-based application written in, say, ASP.NET, Perl, or PHP.

Based on my experience, I can safely say that many people focus on securing the "core" code and features, and give the security of features that depend on the core short shrift. You simply cannot do this in a hostile environment such as the Web. Building secure systems requires skill, education, and discipline at every stage of development: from design to coding to testing to documentation to deployment, and finally, to management. Each and every step must be as secure as possible. This is why I am excited about Improving Web Application Security: Threats and Countermeasures. It's the first book to offer a "soup to nuts" view of building a secure Web-based system using the Microsoft .NET Framework and ASP.NET. The fact that the authors chose to focus on the Web-based product development end-to-end lifecycle, and not just on securing small islands of technology, is a testament to much of the work we are undertaking at Microsoft as part of the Trustworthy Computing initiative. Delivering security and privacy to customers requires the engagement of every person involved in the software process, rather than focusing on single events or a single development discipline.

This book has something of value for everyone involved in software development, deployment, and management, because everyone involved in these efforts has an impact on product security. I would urge you, at a minimum, to read the sections that affect your discipline. You will learn critical skills, and most importantly, you will secure every link in the chain. After all, it takes only one loose thread and the entire garment unravels!

Michael Howard

Senior Program Manager, Secure Windows Initiative
Co-author, Writing Secure Code




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613