What Is a Hack-Resilient Application?

This guide helps you build hack-resilient applications. A hack-resilient application is one that reduces the likelihood of a successful attack and mitigates the extent of damage if an attack occurs. A hack-resilient application resides on a secure host (server) in a secure network and is developed using secure design and development guidelines.

In 2002, eWeek sponsored its fourth Open Hack challenge, which proved that hackresilient applications can be built using .NET technologies on servers running the Microsoft Windows 2000 operating system. The Open Hack team built an ASP.NET Web application using Microsoft Windows 2000 Advanced Server, Internet Information Services (IIS) 5.0, Microsoft SQL Server 2000, and the .NET Framework. It successfully withstood more than 82,500 attempted attacks and emerged from the competition unscathed.

This guide shares the methodology and experience used to secure Web applications including the Open Hack application. In addition, the guide includes proven practices that are used to secure networks and Web servers around the world. These methodologies and best practices are condensed and offered here as practical guidance.