Free ASP.NET Book: Improving Web Application Security :: Intelligentedu.com Free Computer Training Blogs

Blog Roll:

Top Links:

December 9, 2005

Free ASP.NET Book: Improving Web Application Security

Here is a free ASP.NET book in html format, that you can also download as a pdf ebook. It gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. Whether you have existing applications or are building new ones, you can apply the guidance to help you make sure that your Web applications are hack-resilient. It will help you build hack-resilient applications. A hack-resilient application is one that reduces the likelihood of a successful attack and mitigates the extent of damage if an attack occurs. A hack-resilient application resides on a secure host (server) in a secure network and is developed using secure design and development guidelines.

This book contains guidelines for architecting, designing, building, reviewing, and configuring secure to build hack resilient ASP.NET Web applications across the application tiers, technology, and servers. Topics include Threats and Countermeasures; Threat Modeling; security review for architecture, design, code and deployment; Hosting web applications; CAS; securing web, application and database servers; ASP.NET, Enterprise Services (COM+), Web Services, Remoting, and data access (including ADO.NET and SQL Server).

Free ASP.NET Book: Improving Web Application Security: Threats and Countermeasures

Download Improving Web Application Security from the MS.com Download Center in .pdf format
Download Size: 6870 KB

Part I, Introduction to Threats and Countermeasures

This part identifies and illustrates the various threats facing the network, host, and application layers. By using the threat modeling process, you can identify the threats that are relevant to your application. This sets the stage for identifying effective countermeasures. This part includes:

Part II, Designing Secure Web Applications

This part provides the guidance you need to design your Web applications securely. Even if you have an existing application, you should review this section and then revisit the concepts, principles, and techniques that you used during your application design. This part includes:

Part III, Building Secure Web Applications

This part helps you to apply the secure design practices and principles covered in the previous part to create a solid and secure implementation. You'll learn defensive coding techniques that make your code and application resilient to attack. Chapter 6 presents an overview of the .NET Framework security landscape so that you are aware of the numerous defensive options and tools that are at your disposal. Part III includes:

Part IV, Securing Your Network, Host and Application

This part shows you how to apply security configuration settings to secure the interrelated network, host, and application levels. Rather than applying security randomly, you'll learn the reasons for the security recommendations. Part IV includes:

Chapter 15, Securing Your Network
Chapter 16, Securing Your Web Server
Chapter 17, Securing Your Application Server
Chapter 18, Securing Your Database Server
Chapter 19, Securing Your ASP.NET Application and Web Services
Chapter 20, Hosting Multiple ASP.NET Applications

Part V: Assessing Your Security

This part provides you with the tools you need to evaluate the success of your security efforts. It shows you how to evaluate your code and design and also how to review your deployed application, to identify potential vulnerabilities:

Checklists

This section contains printable, task-based checklists, which are printable quick-reference sheets to help you turn information into action. This section includes the following checklists: