Why We Wrote This Book

Although numerous books on security are available, many of them cover only theory or perhaps a security silo—that is, an island of security based on a particular tool, application, or technology. It should be obvious that no complete security solution is a silo; all secure business applications touch many tools and many technologies. Also, designing, building, and deploying any secure solution as a series of silos is difficult and unwise because getting the silos to talk to one another can be time-consuming and expensive.

The focal point of this book is a holistic view of how to build secure Microsoft Windows 2000-based solutions that use various Web technologies. We cover soup to nuts: from the browser to servers to middleware servers to database servers and back. As it turns out, this is a reasonably complex task to address; there are many moving parts and our goal is to make sure you understand how it all fits together. Accordingly, this book is part reference, part tutorial, and part cookbook for building secure Web applications by using Microsoft technologies. We also cover some of the trade-offs you need to make when building such end-to-end solutions. For example, choosing the appropriate authentication and identity mechanisms can have a performance impact on your solution. For this reason, it's important that you choose the correct technologies to meet your business requirements.