


Note: This document is live on MSDN! See http://msdn.com/SecNet

Improving Web Application Security: Threats and Countermeasures

J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan


* Objectives At a Glance

Front Matter

* Foreword by Mark Curphey
* Foreword by Erik Olson
* Foreword by Joel Scambray
* Foreword by Michael Howard
* Introduction
* Solutions at a Glance
* Fast Track - How To Implement the Guidance

Chapters

* Ch 1 - Web Application Security Fundamentals
* Ch 2 - Threats and Countermeasures
* Ch 3 - Threat Modeling
* Ch 4 - Design Guidelines for Secure Web Applications
* Ch 5 - Architecture and Design Review for Security
* Ch 6 - .NET Security Overview
* Ch 7 - Building Secure Assemblies
* Ch 8 - Code Access Security in Practice
* Ch 9 - Using Code Access Security with ASP.NET
* Ch 10 - Building Secure ASP.NET Pages and Controls
* Ch 11 - Building Secure Serviced Components
* Ch 12 - Building Secure Web Services
* Ch 13 - Building Secure Remoted Components
* Ch 14 - Building Secure Data Access
* Ch 15 - Securing Your Network
* Ch 16 - Securing Your Web Server
* Ch 17 - Securing Your Application Server
* Ch 18 - Securing Your Database Server
* Ch 19 - Securing Your ASP.NET Application and Web Services
* Ch 20 - Hosting Multiple ASP.NET Applications
* Ch 21 - Code Review
* Ch 22 - Deployment Review

Resources

* Related Security Resources

Checklists

* Architecture and Design Review
* CLR/Managed Code
* ASP.NET
* Enterprise Services
* Web Services
* Remoting
* Data Access
* Network
* Web Server
* Database Server

How Tos

* How To: Implement Patch Management
* How To: Harden the TCP/IP Stack
* How To: Secure Your Developer Workstation
* How To: Use for Filtering Ports and Authentication
* How To: Use IISLockdown.exe
* How To: Use the Microsoft Security Baseline Analyzer
* How To: Use URLScan
* How To: Create a Custom Encryption Permission
* How To: Use Code Access Security Policy to Constrain an Assembly


