Improving Web Application Security: Threats and Countermeasures

The authoritative guide to implementing fundamental security principles in .NET applications. This guide helps you design, build, and configure hack-resilient Web applications that reduce the likelihood of successful attacks.

Publication date: 24 Sep 2003

ISBN-10: 0735618429

ISBN-13: 9780735618428

Paperback: 958 pages

Publisher: Microsoft Press Books

Post time: 26 Mar 2007 07:31:31

Tag(s): Microsoft .NET

From the Preface:

This guide gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. Whether you have existing applications or are building new ones, you can apply the guidance to help you make sure that your Web applications are hack-resilient.

The information in this guide is based on proven practices for improving your Web application's security. The guidance is task-based and presented in parts that correspond to product life cycles, tasks, and roles.

Background:

Traditionally, security has been considered a network issue, where the firewall is the primary defense (the fortress model) or something that system administrators handle by locking down the host computers. Application architects and developers have traditionally treated security as an afterthought or as a feature to be considered as time permits — usually after performance considerations are addressed.

The problem with the firewall, or fortress model, is that attacks can pass through network defenses directly to the application. A typical firewall helps to restrict traffic to HTTP, but the HTTP traffic can contain commands that exploit application vulnerabilities. Relying entirely on locking down your hosts is another unsuccessful approach. While several threats can be effectively countered at the host level, application attacks represent a serious and increasing security issue.

Another area where security problems occur is deployment. A familiar scenario is when an application fails when it is deployed in a locked-down production environment, which forces the administrator to loosen security settings. This often leads to new security vulnerabilities. In addition, a lack of security policy or application requirements that are inconsistent with policy can compromise security. One of the goals of this guide is to help bridge this gap between development and operations.

Random security is not enough. To make your application hack-resilient, you need a holistic and systematic approach to securing your network, host, and application. The responsibility spans phases and roles across the product life cycle. Security is not a destination; it is a journey. This guide will help you on your way.

Intended Audience:

This guide is for anyone concerned with planning, building, deploying, or operating Web applications. The guide contains essential information for designers, developers, system administrators, and security analysts.

Designers will learn how to avoid costly security mistakes and how to make appropriate design choices early in the product development life cycle. Developers will learn how to implement defensive coding techniques and build secure code. System administrators will learn how to methodically secure servers and networks, and security analysts will learn how to perform security assessments.
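The Background section quoted above makes the point that a firewall which only permits HTTP cannot see an attack carried inside a well-formed request. The following is an added example, not code from the book or its authors, written in Python with an in-memory SQLite table rather than the book's ASP.NET and SQL Server so that it runs offline. Two constructed requests both pass a model of a protocol-only firewall check; the same injected query-string value returns the whole table when the handler concatenates SQL, but is rejected when the handler constrains the input to an allowlist and binds it as a parameter. The request strings, table rows, the parameter name `category` and the allowlist pattern are all assumptions made up for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests, not captured traffic. Both are well-formed HTTP/1.1.
NORMAL_REQUEST = (
    "GET /products?category=books HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "\r\n"
)
# The category value percent-decodes to:  x' OR '1'='1
ATTACK_REQUEST = (
    "GET /products?category=x%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "\r\n"
)

REQUEST_LINE = re.compile(r"^(GET|HEAD|POST) (\S+) HTTP/1\.[01]\r\n")


def passes_http_firewall(raw: str) -> bool:
    """Model of a 'fortress' firewall rule that only checks that the traffic is
    HTTP. It looks at protocol framing, never at what the application will do
    with the query string, so it accepts the attack as readily as the normal request."""
    return REQUEST_LINE.match(raw) is not None and "\r\nHost: " in raw


def query_param(raw: str, name: str) -> str:
    """Return one query-string parameter from the request target ('' if absent)."""
    match = REQUEST_LINE.match(raw)
    if match is None:
        raise ValueError("not an HTTP request line")
    params = parse_qs(urlsplit(match.group(2)).query, keep_blank_values=True)
    return params.get(name, [""])[0]


def new_db() -> sqlite3.Connection:
    """In-memory catalogue with constructed rows; the last one is not meant to be public."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT NOT NULL, category TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [
            ("Threats and Countermeasures", "books"),
            ("Developer Laptop", "hardware"),
            ("Unreleased Title (internal)", "internal"),
        ],
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, raw: str) -> list:
    """Builds the SQL by concatenation. The attacker's quote closes the string
    literal and the rest of the value becomes part of the WHERE clause."""
    category = query_param(raw, "category")
    sql = "SELECT name FROM products WHERE category = '" + category + "'"
    return [row[0] for row in conn.execute(sql)]


# Allowlist for what a category may look like (an assumption made for this example).
CATEGORY_RE = re.compile(r"^[a-z]{1,20}$")


def hardened_lookup(conn: sqlite3.Connection, raw: str) -> list:
    """Constrains the input to the expected shape and rejects anything else,
    then keeps the data out of the SQL text by binding it as a parameter."""
    category = query_param(raw, "category")
    if CATEGORY_RE.match(category) is None:
        raise ValueError("category rejected by input validation")
    rows = conn.execute("SELECT name FROM products WHERE category = ?", (category,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = new_db()
    for label, raw in (("normal", NORMAL_REQUEST), ("attack", ATTACK_REQUEST)):
        print(f"{label}: passes protocol-only firewall = {passes_http_firewall(raw)}")
        print(f"  concatenated SQL returns {vulnerable_lookup(conn, raw)}")
        try:
            print(f"  parameterised query returns {hardened_lookup(conn, raw)}")
        except ValueError as exc:
            print(f"  hardened handler: {exc}")
```

The firewall model returns True for both requests; everything that distinguishes the attack from normal traffic happens in the application's handling of the `category` value, which is the gap between network defence and application defence that the preface describes.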

Reviews:

Amazon.com

"It's a must buy if you want to understand .NET web application security and the security architecture that underpins it."

"If you are designing, building and deploying Web based applications using Microsoft's .NET Framework, run and get this book. Currently, there is no other book that can match the breadth and depth of the topic covered in this book."

"Truly useful how-to-secure-your-server book. Goes through locking down your OS, web server (IIS), SQL Server installation, .NET configuration, and web application do's and don'ts."

About The Author(s)

Michael Dunner
Alex Mackman
J.D. Meier
Anandha Murukan
Srinath Vasireddy
