Security Resources

Keep the following URLs handy when securing your application:

• http://www.microsoft.com/technet/security This is the starting point for finding security-related information for Windows, IIS, and other Microsoft products. You’ll find a host of good information on improving the security of your servers and applications here.

• http://www.microsoft.com/technet/security/iis5chk.asp This is the Secure Internet Information Services 5 Checklist. Prepared by Michael Howard of the Windows 2000 and IIS security teams, this document provides recommendations and best practices for securing IIS 5.0.

• http://www.microsoft.com/technet/itsolutions/security/tools/ tools.asp This is a list of security tools available through the Microsoft Technet Web site.

• http://nsa2.www.conxion.com/win2k/download.htm This is the download site for the Windows 2000 Security Recommendation Guides prepared by the National Security Agency (NSA).

• http://www.microsoft.com/technet/columns/security/10imlaws.asp This is the 10 Immutable Laws of Security, a list of the many ways to lose control of your computer.

• http://www.microsoft.com/technet/columns/security/10salaws.asp This is the 10 Immutable Laws of Security Administration, a list of sage advice for those who have the dubious pleasure of being responsible for securing their systems.

• http://www.cert.org/advisories/CA-2000-02.html This advisory provides a detailed description of cross-site scripting (XSS) and the problems it can cause.

• http://www.cert.org/tech_tips/malicious_code_mitigation.html This provides mitigation strategies for preventing XSS attacks.