Checklist


  • Each Web server has been deployed in a secure manner as recommended for its operating system. This includes applying the latest security patches, separating system partitions from Web document roots, and removing unnecessary files from the Web document root.

  • The .NET application uses managed code. Any unmanaged code has been reviewed for input validation and does not perform important functions such as database connections.

  • Strong passwords have been set for all applications, including databases and remote management methods.

  • The application uses strong exception handling, and the .NET server’s debug output is disabled on production systems.

  • Applications perform strong server-side input validation. Content is checked for value (numeric boundaries), type (integer, string, ZIP code, phone number, name), and length.

  • The secret key that Passport and the partner application use to exchange data has been installed, and a copy of the secret key is stored on a secured host.

  • The partner application has defined what optional Passport user information it will use. Passport only requires an e-mail address and password.

  • Privacy settings (P3P) have been defined for the partner application.
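
The server-side input validation item above asks for checks on value, type, and length. The following C# sketch is an added example, not code from the book; the class name, the US-style ZIP and phone formats, and the length limits are illustrative assumptions.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;

// Added example: allow-list validation run on the server for every request,
// regardless of any client-side checks. All names and limits are assumptions.
public static class InputValidator
{
    // Patterns are anchored with \A and \z so no extra characters
    // (including a trailing newline) can ride along with a valid value.
    static readonly Regex Zip   = new Regex(@"\A\d{5}(-\d{4})?\z");
    static readonly Regex Phone = new Regex(@"\A\d{3}-\d{3}-\d{4}\z");
    static readonly Regex Name  = new Regex(@"\A\p{L}[\p{L} '\-]*\z");

    // Type and length: reject null, empty, or oversized input before matching.
    static bool IsText(string s, Regex pattern, int maxLen)
    {
        return s != null && s.Length > 0 && s.Length <= maxLen && pattern.IsMatch(s);
    }

    public static bool IsZip(string s)   { return IsText(s, Zip, 10); }
    public static bool IsPhone(string s) { return IsText(s, Phone, 12); }
    public static bool IsName(string s)  { return IsText(s, Name, 64); }

    // Type (integer) and value (numeric boundaries) in one step.
    // Only an optional leading sign and digits are accepted.
    public static bool TryBoundedInt(string s, int min, int max, out int value)
    {
        value = 0;
        if (s == null || s.Length == 0 || s.Length > 11) return false;
        if (!int.TryParse(s, NumberStyles.AllowLeadingSign,
                          CultureInfo.InvariantCulture, out value)) return false;
        return value >= min && value <= max;
    }

    public static void Main()
    {
        // Constructed sample inputs: a valid value followed by a rejected one.
        int qty;
        Console.WriteLine("zip   {0} {1}", IsZip("30301-1234"), IsZip("30301; --"));
        Console.WriteLine("phone {0} {1}", IsPhone("404-555-0100"), IsPhone("4045550100x"));
        Console.WriteLine("name  {0} {1}", IsName("Mary O'Brien"), IsName("<script>"));
        Console.WriteLine("qty   {0} {1}", TryBoundedInt("12", 1, 100, out qty),
                                          TryBoundedInt("1000", 1, 100, out qty));
    }
}
```

Each field is rejected unless it matches its expected shape; input that fails is refused rather than repaired.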




Web Services Security
ISBN: 0072224711
EAN: 2147483647
Year: 2003
Pages: 105
Authors: Mark ONeill
