Web application security depends on the security of the underlying infrastructure on which the application is deployed. Weak network or host configuration settings result in vulnerabilities that can and will be exploited. The deployment review covered in this chapter inspects the configuration of the network and host. The host includes Windows 2000 Server and, depending on the server role, can also include IIS, the Microsoft .NET Framework, Enterprise Services, and SQL Server.
The main configuration elements that are subject to the deployment review process are shown in Figure 22.1.