Organization of This Guide

Previous page
Table of content
Next page

You can read this guide from end to end, or you can read the chapters you need for your job. For a quick overview of the guide, refer to the "Fast Track" section.

Solutions at a Glance

The "Solutions at a Glance" section provides a problem index for the guide, highlighting key areas of concern and where to go for more detail.

Fast Track

The "Fast Track" section in the front of the guide helps you implement the recommendations and guidance quickly and easily.

Parts

This guide is divided into five parts:

  • Part I, Introduction to Threats and Countermeasures

  • Part II, Designing Secure Web Applications

  • Part III, Building Secure Web Applications

  • Part IV, Securing Your Network, Host, and Application

  • Part V, Assessing Your Security

Part I, Introduction to Threats and Countermeasures

This part identifies and illustrates the various threats facing the network, host, and application layers . By using the threat modeling process, you can identify the threats that are relevant to your application. This sets the stage for identifying effective countermeasures. This part includes:

  • Chapter 1, "Web Application Security Fundamentals"

  • Chapter 2, "Threats and Countermeasures"

  • Chapter 3, "Threat Modeling"

Part II, Designing Secure Web Applications

This part provides the guidance you need to design your Web applications securely. Even if you have an existing application, you should review this section and then revisit the concepts, principles, and techniques that you used during your application design. This part includes:

  • Chapter 4, "Design Guidelines for Secure Web Applications"

  • Chapter 5, "Architecture and Design Review for Security"

Part III, Building Secure Web Applications

This part helps you to apply the secure design practices and principles covered in the previous part to create a solid and secure implementation. You'll learn defensive coding techniques that make your code and application resilient to attack. Chapter 6 presents an overview of the .NET Framework security landscape so that you are aware of the numerous defensive options and tools that are at your disposal. Part III includes:

  • Chapter 6, ".NET Security Fundamentals"

  • Chapter 7, "Building Secure Assemblies"

  • Chapter 8, "Code Access Security in Practice"

  • Chapter 9, "Using Code Access Security with ASP.NET"

  • Chapter 10, "Building Secure ASP.NET Pages and Controls"

  • Chapter 11, "Building Secure Serviced Components"

  • Chapter 12, "Building Secure Web Services"

  • Chapter 13, "Building Secure Remoted Components"

  • Chapter 14, "Building Secure Data Access"

Part IV, Securing Your Network, Host, and Application

This part shows you how to apply security configuration settings to secure the interrelated network, host, and application levels. Rather than applying security randomly , you'll learn the reasons for the security recommendations. Part IV includes:

  • Chapter 15, "Securing Your Network"

  • Chapter 16, "Securing Your Web Server"

  • Chapter 17, "Securing Your Application Server"

  • Chapter 18, "Securing Your Database Server"

  • Chapter 19, "Securing Your ASP.NET Application and Web Services"

  • Chapter 20, "Hosting Multiple Web Applications"

Part V, Assessing Your Security

This part provides you with the tools you need to evaluate the success of your security efforts. It shows you how to evaluate your code and design and also how to review your deployed application, to identify potential vulnerabilities.

  • Chapter 21, "Code Review"

  • Chapter 22, "Deployment Review"

Checklists

This section contains printable, task-based checklists, which are quick reference sheets to help you turn information into action. This section includes the following checklists:

  • Checklist: Architecture and Design Review

  • Checklist: Securing ASP.NET

  • Checklist: Securing Web Services

  • Checklist: Securing Enterprise Services

  • Checklist: Securing Remoting

  • Checklist: Securing Data Access

  • Checklist: Securing Your Network

  • Checklist: Securing Your Web Server

  • Checklist: Securing Your Database Server

  • Checklist: Security Review for Managed Code

"How To" Articles

This section contains "How To" articles, which provide step-by-step procedures for key tasks . This section includes the following articles:

  • How To: Implement Patch Management

  • How To: Harden the TCP/IP Stack

  • How To: Secure Your Developer Workstation

  • How To: Use IPSec for Filtering Ports and Authentication

  • How To: Use the Microsoft Baseline Security Analyzer

  • How To: Use IISLockdown.exe

  • How To: Use URLScan

  • How To: Create a Custom Encryption Permission

  • How To: Use Code Access Security Policy to Constrain an Assembly



Previous page
Table of content
Next page
Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
Authors: Microsoft Corporation
BUY ON AMAZON
Absolute Beginner[ap]s Guide to Project Management
Documenting Software Architectures: Views and Beyond
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
The Lean Six Sigma Pocket Toolbook. A Quick Reference Guide to Nearly 100 Tools for Improving Process Quality, Speed, and Complexity
Cultural Imperative: Global Trends in the 21st Century
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy