List of Figures
Introduction
Figure 1: The scope of Improving Web Application Security: Threats and Countermeasures
Figure 2: Improving Web Application Security: Threats and Countermeasures as it relates to product lifecycle
Figure 3: Improving Web Application Security: Threats and Countermeasures as it relates to MSF
Figure 4: A holistic approach to security
Figure 5: Scope of Volume I, Building Secure ASP.NET Applications
Fast Track: How To Implement the Guidance
Figure 1: The scope of the guide
Figure 2: A holistic approach to security
Figure 3: Host security categories
Figure 4: The Threat Modeling Process
Figure 5: Relationship of chapter to product life cycle
Chapter 1: Web Application Security Fundamentals
Figure 1.1: A holistic approach to security
Figure 1.2: Host security categories
Chapter 2: Threats and Countermeasures
Figure 2.1: Basic steps for attacking methodology
Chapter 3: Threat Modeling
Figure 3.1: An overview of the threat modeling process
Figure 3.2: Components of the threat model
Figure 3.3: Sample application architecture diagram
Figure 3.4: Targets for application decomposition
Figure 3.5: Representation of an attack tree
Chapter 4: Design Guidelines for Secure Web Applications
Figure 4.1: Web application design issues
Figure 4.2: Deployment considerations
Figure 4.3: A centralized approach to input validation
Figure 4.4: Input validation strategy: constrain, reject, and sanitize input
Figure 4.5: Impersonation model providing per end user authorization granularity
Figure 4.6: Trusted subsystem model that supports database connection pooling
Figure 4.7: Hybrid model
Chapter 5: Architecture and Design Review for Security
Figure 5.1: Application review
Chapter 6: .NET Security Overview
Figure 6.1: A logical view of (user) role-based security
Figure 6.2: Logical view of code-based security
Figure 6.3: .NET Framework security namespaces
Chapter 7: Building Secure Assemblies
Figure 7.1: Assembly-level threats
Chapter 8: Code Access Security in Practice
Figure 8.1: Code access security: a simplified view
Figure 8.2: Policy intersection across policy levels
Figure 8.3: Hierarchical code groups at a single policy level
Figure 8.4: The result of partial trust code calling a strong named assembly
Figure 8.5: An example of a luring attack with link demands
Chapter 9: Using Code Access Security with ASP.NET
Figure 9.1: Common resource types accessed from ASP.NET Web applications and associated permission types
Figure 9.2: Sandboxing privileged code in its own assembly, which asserts the relevant permission
Figure 9.3: Sandboxing OLE DB resource access
Chapter 10: Building Secure ASP.NET Pages and Controls
Figure 10.1: Common threats to ASP.NET Web pages and controls
Figure 10.2: A Web site partitioned into public and secure areas
Figure 10.3: Subdirectory for restricted pages that require authenticated access
Chapter 11: Building Secure Serviced Components
Figure 11.1: Serviced components in a middle-tier Enterprise Services application
Figure 11.2: Enterprise Services threats
Figure 11.3: Enterprise Services typical deployment configurations
Figure 11.4: Using a Web services façade layer to communicate with Enterprise Services using HTTP
Chapter 12: Building Secure Web Services
Figure 12.1: Main Web services threats
Chapter 13: Building Secure Remoted Components
Figure 13.1: Typical remoting deployment
Figure 13.2: Main remoting threat
Figure 13.3: Remoting in a trusted server scenario
Figure 13.4: Using custom encryption sinks
Chapter 14: Building Secure Data Access
Figure 14.1: Threats and attacks to data access code
Figure 14.2: Separation of presentation, business, and data access layers
Figure 14.3: Data access authorization, assembly, and database
Figure 14.4: Detailed exception information revealing sensitive data
Chapter 15: Securing Your Network
Figure 15.1: Network components: router, firewall, and switch
Chapter 16: Securing Your Web Server
Figure 16.1: Prominent Web server threats and common vulnerabilities
Figure 16.2: Web server configuration categories
Figure 16.3: Computer Management MMC snap-in Shares
Figure 16.4: Mapping application extensions
Figure 16.5: Removing unused ISAPI filters
Figure 16.6: Setting LocalIntranet_Zone code permissions to Nothing
Chapter 17: Securing Your Application Server
Figure 17.1: Remote application server deployment model
Figure 17.2: Top application server related threats and vulnerabilities
Figure 17.3: Typical Enterprise Services firewall port configuration
Figure 17.4: Typical Remoting firewall port configuration for HTTP and TCP channel scenarios
Figure 17.5: Remoting with the TCP channel and a Windows service host
Figure 17.6: Remoting with the HTTP channel and an ASP.NET host
Figure 17.7: Enabling role-based security
Figure 17.8: Enabling component-level access checks
Figure 17.9: DCOM impersonation levels
Chapter 18: Securing Your Database Server
Figure 18.1: Top database server threats and vulnerabilities
Figure 18.2: Database server security categories
Figure 18.3: Disabling all protocols except TCP/IP in the SQL Server Network Utility
Figure 18.4: Setting the Hide Server option from the Server Network Utility
Figure 18.5: SQL Server security properties
Chapter 19: Securing Your ASP.NET Application and Web Services
Figure 19.1: ASP.NET configuration files
Figure 19.2: Hierarchical configuration
Chapter 20: Hosting Multiple Web Applications
Figure 20.1: ASP.NET architecture on Windows 2000 with IIS 5
Figure 20.2: ASP.NET architecture on Windows Server 2003 with IIS 6
Figure 20.3: Multiple anonymous accounts used for each application
Figure 20.4: Applications impersonate a fixed account and use that to access resources
Chapter 22: Deployment Review
Figure 22.1: Core elements of a deployment review
Figure 22.2: Netstat output
How To: Implement Patch Management
Figure 1: MBSA scan options
Figure 2: Screenshot of the report details for a scanned machine
Figure 3: Missing patch indication
Figure 4: Patch cannot be confirmed indication
How To: Use IPSec for Filtering Ports and Authentication
Figure 5: IP Filter List dialog box
Figure 6: MyPolicy Properties dialog box
How To: Use the Microsoft Baseline Security Analyzer
Figure 7: SQL Server and MSDE specifics
How To: Create a Custom Encryption Permission
Figure 8: Custom EncryptionPermission inheritance hierarchy
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613
Authors:
Microsoft Corporation