ANN: Improving Web Application Security: Threats and Countermeasures

Bake security into the application lifecycle. It's a comprehensive guide for creating "hack resilient" apps. Use the guide to secure the network, host and application (there's something for architects, devs, system admins, testers, and security pros). It's principle-based and threat focused. Guidance is task-based and modular with tons of implementation steps. Deep drill-down on each technology, Code Access Security, ASP.NET, Enterprise Services, Web Services, Remoting, and Data Access (ADO.NET/SQL Server), with threats and countermeasures are provided. Also, includes checklists and How Tos.

Key Problems Solved:

• Hosting multiple Web Apps securely
• Writing secure managed code
• Designing secure apps
• Using CAS from ASP.NET
• Preventing key security issues: Input validation, SQL injection, Cross-Site Scripting
• Securing your developer workstation
• Securing your web server
• Securing your database server
• Locking down ASP.NET
• Performing security reviews on design, code, and deployment

Download @
http://msdn.microsoft.com/library/en-us/dnnetsec/html/threatcounter.asp

This is the second book in the .NET/Web Security Series from the Microsoft Patterns and Practices Team. The first was "Building Secure Microsoft ASP.NET Applications" which is available @ http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp

• Anil