Foreword by Joel Scambray


I have been privileged to contribute to Improving Web Application Security: Threats and Countermeasures, and its companion volume, Building Secure ASP.NET Web Applications. As someone who encounters many such threats and relies on many of these countermeasures every day at Microsoft's largest Internet-facing online properties, I can say that this guide is a necessary component of any Web-facing business strategy. I'm quite excited to see this knowledge shared widely with Microsoft's customers, and I look forward to applying it in my daily work.

There is an increasing amount of information being published about Internet security, and keeping up with it is a challenge. One of the first questions I ask when a new work like this gets published is: "Does the quality of the information justify my time to read it?" In the case of Improving Web Application Security: Threats and Countermeasures, I can answer an unqualified yes. J.D. Meier and team have assembled a comprehensive reference on Microsoft Web application security, and put it in a modular framework that makes it readily accessible to Web application architects, developers, testers, technical managers, operations engineers, and yes, even security professionals. The bulk of information contained in this work can be intimidating, but it is well-organized around key milestones in the product lifecycle: design, development, testing, deployment, and maintenance. It also adheres to a security principles-based approach, so that each section is consistent with common security themes.

Perhaps my favorite aspect of this guide is the thorough testing that went into each page. During several discussions with the guide's development team, I always came away impressed with their willingness to actually deploy the technologies discussed herein to ensure that the theory portrayed aligned with practical reality. They also freely sought out expertise internal and external to Microsoft to keep the contents useful and practical.

Some other key features that I found very useful include the concise, well-organized, and comprehensive threat modeling chapter, the abundant tips and guidelines on .NET Framework security (especially code access security), and the hands-on checklists for each topic discussed.

Improving Web Application Security: Threats and Countermeasures will get any organization out ahead of the Internet security curve by showing them how to bake security into applications, rather than bolting it on as an afterthought. I highly recommend this guide to those organizations who have developed or deployed Internet-facing applications and to those organizations who are considering such an endeavor.

Joel Scambray

Senior Director of Security, MSN
Co-Author, Hacking Exposed Fourth Edition, Windows, and Web Applications




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
