Improving web application security
Threats and countermeasures
Summary
This guide helps you build hack-resilient applications. A hack-resilient application is one that reduces the likelihood of a successful attack and mitigates the extent of damage if an attack occurs. A hack-resilient application resides on a secure host (server) in a secure network and is developed using secure design and development guidelines.
Web application security must be addressed across the tiers and at multiple layers. A weakness in any tier or layer makes your application vulnerable to attack. Figure 1 shows the scope of the guide and the three-layered approach that it uses: securing the network, securing the host, and securing the application. It also shows the process called threat modeling, which provides a structure and rationale for the security process and allows you to evaluate security threats and identify appropriate countermeasures. If you do not know your threats, how can you secure your system?
The guide addresses security across the three physical tiers shown in Figure 1. It covers the Web server, remote application server and database server. At each tier, security is addressed at the network layer, host layer, and application layer. Figure 1 also shows the configuration categories that the guide uses to organize the various security configuration settings that apply to the host and network, and the application vulnerability categories, used to structure application security considerations.
Contents
- Introduction
- Solutions at a Glance
- Fast track
- Introduction to Threats and Countermeasures
- Web Application Security Fundamentals
- Threats and Countermeasures
- Threat Modeling
- Designing Secure Web Applications
- Design Guidelines for Secure Web Applications
- Architecture and Design Review for Security
- Building Secure Web Applications
- .NET Security Overview
- Building Secure Assemblies
- Code Access Security in Practice
- Using Code Access Security with ASP.NET
- Building Secure ASP.NET Pages and Controls
- Building Secure Serviced Components
- Building Secure Web Services
- Building Secure Remoted Components
- Building Secure Data Access
- Securing Your Network, Host and Application
- Securing Your Network
- Securing Your Web Server
- Securing Your Application Server
- Securing Your Database Server
- Securing Your ASP.NET Application and Web Services
- Hosting Multiple ASP.NET Applications
- Assessing Your Security
- Code Review
- Deployment Review
- Checklist
- How to...
About the author - Microsoft Corporation
The Microsoft Windows Server 2003 team designs, builds, tests, documents and supports Microsoft Windows server products and solutions.
Technical specifications
PAPER | |
Publisher(s) | Microsoft Press |
Author(s) | Microsoft Corporation |
Publication date | 15/09/2003 |
Number of pages | 946 |
Format | 18,5 x 22,7 |
Cover | Paperback |
Weight | 1795g |
Interior | Black and white |
EAN13 | 9780735618428 |
ISBN13 | 978-0-7356-1842-8 |