Index of Checklists
Retired Content |
---|
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
Improving Web Application Security: Threats and Countermeasures
J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan
Microsoft Corporation
Published: June 2003
See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.
See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.
Contents
Overview
Designing Checklist
Building Checklists
Securing Checklists
Assessing Checklist
Overview
Improving Web Application Security: Threats and Countermeasures provides a series of checklists that help you turn the information and details that you learned in the individual chapters into action. The following checklists are included:
- Checklist: Architecture and Design Review
- Checklist: Securing ASP.NET
- Checklist: Securing Web Services
- Checklist: Securing Enterprise Services
- Checklist: Securing Remoting
- Checklist: Securing Data Access
- Checklist: Securing Your Network
- Checklist: Securing Your Web Server
- Checklist: Securing Your Database Server
- Checklist: Security Review for Managed Code
Designing Checklist
Checklist: Architecture and Design Review covers aspects of the architecture and design stages of the project life cycle, including: input validation, authentication, authorization, configuration management, sensitive data, session management, cryptography, parameter manipulation, exception management, and auditing and logging.
Building Checklists
Each checklist in the building series covers the following application categories: input validation, authentication, authorization, configuration management, sensitive data, session management, cryptography, parameter manipulation, exception management, and auditing and logging. These checklists are:
- Checklist: Securing ASP.NET
- Checklist: Securing Web Services
- Checklist: Securing Enterprise Services
- Checklist: Securing Remoting
- Checklist: Securing Data Access
Securing Checklists
Each checklist in the securing series covers aspects of securing the servers based on roles. The checklists cover the following: patches and updates, services, protocols, accounts, files and directories, shares, ports, registry, and auditing and logging. These checklists are:
- Checklist: Securing Web Server. In addition to the common checklist information cited previously, this checklist covers the following points that are specific to a Web server: sites and virtual directories, script mappings, ISAPI filters, metabase, Machine.config, and code access security.
- Checklist: Securing Database Server. In addition to the common checklist information cited previously, this checklist covers the following points that are specific to a database server: SQL Server security; and SQL Server logins, users, and roles.
Assessing Checklist
Checklist: Security Review for Managed Code helps you to uncover security vulnerabilities in your managed code. This checklist covers the following: assembly-level checks, class-level checks, cryptography, secrets, exception management, delegates, serialization, threading, reflection, unmanaged code access, file I/O, event log, registry, environment variables and code access security considerations.