Thursday, July 29, 2004
Improving Web Application Security: Threats and Countermeasures
I went through this important article from MSDN related to Web Application Security:
Improving Web Application Security -> Solutions at a Glance
It addresses the following topics:
- How to identify and evaluate threats
- How to create secure designs
- How to perform an architecture and design review
- What is .NET Framework security
- How to write secure managed code
- How to handle exceptions securely
- How to perform security reviews of managed code
- How to secure a developer workstation
- How to use code access security with ASP.NET
- How to write least privileged code
- How to constrain file I/O
- How to prevent SQL injection
- How to prevent cross-site scripting
- How to manage secrets
- How to call unmanaged code securely
- How to perform secure input validation
- How to secure Forms authentication
- How to implement patch management
- How to make the settings in Machine.config and Web.config more secure
- How to secure a Web server running the .NET Framework
- How to secure a database server
- How to secure an application server
- How to host multiple ASP.NET applications securely
- How to secure Web services
- How to secure Enterprise Services
- How to secure Microsoft .NET Remoting
- How to secure session state
- How to manage application configuration securely
- How to secure against denial of service attacks
- How to perform remote administration
