How to Use This Guide


Each chapter in the guide is modular. The guidance is task-based, and is presented in parts which correspond to the various stages of the product development life cycle and to the people and roles involved during the life cycle, including architects, developers, system administrators, and security analysts.

Applying the Guidance to Your Role

Each person, regardless of role, who works on the design, development, deployment, or maintenance of Web applications and their underlying infrastructure should read Part I of this guide. Part I, "Introduction to Threats and Countermeasures," highlights and explains the primary threats to Web applications at the network, host, and application layers. It also shows you how to create threat models to help you identify and prioritize those threats that are most relevant to your particular application. A solid understanding of threats and associated countermeasures is essential for anyone who is interested in securing Web applications.

If you are responsible for or are involved in the design of a new or existing Web application, you should read Part II, "Designing Secure Web Applications." Part II helps you identify potential vulnerabilities in your application design.

If you are a developer, you should read Part III, "Building Secure Web Applications." The information in this part helps you to develop secure code and components, including Web pages and controls, Web services, remoting components, and data access code. As a developer, you should also read Part IV, "Securing Your Network, Host, and Application," to gain a better understanding of the type of secure environment that your code is likely to be deployed in. If you understand more about your target environment, the risk of issues and security vulnerabilities appearing at deployment time is reduced significantly.

If you are a system administrator, you should read Part IV, "Securing Your Network, Host, and Application." The information in this part helps you create a secure network and server infrastructure, one that is tuned to support .NET Web applications and Web services.

Anyone who is responsible for reviewing product security should read Part V, "Assessing Your Security". This helps you identify vulnerabilities caused by insecure coding techniques or deployment configurations.

Applying the Guidance to Your Product Life Cycle

Different parts of the guide apply to the different phases of the product development life cycle. The sequence of chapters in the guide mirrors the typical phases of the life cycle. Figure 2 shows how the parts and chapters correspond to the phases of a classic product development life cycle.

Figure 2: Improving Web Application Security: Threats and Countermeasures as it relates to product lifecycle

Microsoft Solutions Framework

If you use and are more familiar with the Microsoft Solutions Framework (MSF), Figure 3 shows a similar life cycle mapping, this time in relation to the MSF Process Model.

Figure 3: Improving Web Application Security: Threats and Countermeasures as it relates to MSF



Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613