 See larger picture | Improving Web Application Security: Threats and Countermeasures
by
Microsoft Corporation
- Microsoft PressList Price: $44.99
Price at Amazon.com: $32.84
(Save
27%)
 Availability: Usually ships in 24 hours
Shipping rates and policies |
- Average Customer Review:
Based on
6
reviews.
- Amazon.com Sales Rank: 622213
|
Product Description Gain a solid foundation for designing, building, and configuring security-enhanced, hack-resistant Microsoft(r) ASP.NET Web applications. This expert guide describes a systematic, task-based approach to security that can be applied to both new and existing applications. It addresses security considerations at the network, host, and application layers for each physical tier Web server, remote application server, and database server detailing the security configurations and countermeasures that can help mitigate risks. The information is organized into sections that correspond to both the product life cycle and the roles involved, making it easy for architects, designers, and developers to find the answers they need. All PATTERNS & PRACTICES guides are reviewed and approved by Microsoft engineering teams, consultants, partners, and customers delivering accurate, real-world information that s been technically validated and tested.
Featured Customer Reviews  Outstanding .Net Security Book,
May 22, 2007
At the same, I am setting up my web servers to track and trace people in and out the servers within the oranganization -- since my applications are running inside intranet.
Great book to have if security is you main concern! If you only get one book on .NET web security, get this one!,
March 30, 2006 I'm a Microsoft Certified Solutions Developer with reasonable experience of .NET web development, but little or no understanding of how to secure the applications that I write. But not any more. This book is excellent! It covers securing .NET web applications under the 1.0 and especially the 1.1 .NET framework. It does NOT teach the basic .NET technologies, ie: how to create a web program, but it explains in good detail (without going overboard) how the security mechanisms of .NET work, and how best to secure a .NET web application. It's a big book, with chapters covering topics like code access security and how to configure a web app for medium trust, how to secure web services and Remoting servers, and how to harden IIS, Windows 2000 and SQL Server, and loads more!
Before you consider buying any other .NET security book, get this one. It's worth every penny. It also has a companion volume, entitled "Building Secure ASP.NET Applications. Authentication, Authorization, and Secure Communication". Unfortunately, this book is not half as good as "Improving Web Application Security". Shame really. The books are supposed to complement each other, but "Improving Web Application Security" really stands out head and shoulders above the other. It's a must buy if you want to understand .NET web application security and the security architecture that underpins it. A great counter measure: Annonymization,
January 03, 2006Great ideas for countermeasures, less demonstration,
October 28, 2004 I am in the business of writing secure e-biz apps and I found the security and countermeasure strategies in this book to be very thorough.
Now, why the 4 stars? Two reasons - 1. The author(s) are very repetitive. I read the section on countermeasures to SQL injection attacks 3 times in the book.
2. The countermeasures are demonstrated adequately but the attacks are not. For instance, what to do to thwart SQL injection attacks is explained with some examples. But what really is a SQL injection attack; plain description is not enough? Some non-trivial examples of those make sense because then you know the reason for deploying the countermeasures; what are you saving yourself against? Sort of, identifying the enemy.
Nevertheless, a great, comprehensive and practical tutorial.Just get it!There is nothing that compares to it.,
March 08, 2004 If you are designing, building and deploying Web based applications using Microsoft's .NET Framework run and get this book. Currently, there is no other book that can match the breath and depth of the topic covered in this book.Contrary to what the title may imply, in addition to ASP.NET this book also covers how security should be addressed in the building of Serviced components, Web Services and Remoting. The chapters on Code Access Security are among the clearest that can be found anywhere. This book takes a holistic approach to Security in that it addresses threats to the network, host and application layers. The old adage of a chain is only as strong as its weakest link is taken to heart in the book so guidance is provided on how security should be addressed across tiers and at multiple layers. Secure app development across the entire software development and deployment lifecycle is considered within the scope of this book. In addition to Secure Coding guidelines, Extensive guidelines are provided that show how the Network, Web Server, Application Server and Database Server should be secured. One of the things that I like about this book is that the guidance that is provided is task and role based. So even though the book is 800+ pages, it can be very easily used as a ready reference. Multiple checklists that deal with Design, Build, Securing and Assessment are given and can be used out of the box. In short, don't wait. Go get it now! From the book's introduction: Part I, "Introduction to Threats and Countermeasures," identifies and illustrates the various threats facing the network, host, and application layers. The process of threat modeling helps you to identify those threats that can harm your application. By understanding these threats, you can identify and prioritize effective countermeasures. Part II, "Designing Secure Web Applications," gives you the guidance you require to design secure Web applications. Even if you have deployed your application, we recommend that you examine and evaluate the concepts, principles, and techniques outlined in this part. Part III, "Building Secure Web Applications," allows you to apply the secure design practices introduced in Part II to create secure implementations. You will learn defensive coding techniques that make your code and application resilient to attack. Part IV, "Securing Your Network, Host, and Application," describes how you will apply security configuration settings to secure these three interrelated levels. Instead of applying security randomly, you will learn the rationale behind the security recommendations. Part V, "Assessing Your Security," provides the tools you require to evaluate the success of your security efforts. Starting with the application, you'll take an inside-out approach to evaluating your code and design. You'll follow this with an outside-in view of the security risks that challenge your network, host and application.
You might also be interested in these items...
|
|