WebApp Sec mailing list archives

ANN: Improving Web Application Security: Threats and Countermeasures


From: "Anil John" <atj () CyberForge com>
Date: Thu, 12 Jun 2003 22:01:27 -0500

Bake security into the application lifecycle. It's a comprehensive guide
for creating "hack resilient" apps. Use the guide to secure the network,
host and application (there's something for architects, devs, system
admins, testers, and security pros). It's principle-based and threat
focused. Guidance is task-based and modular with tons of implementation
steps. Deep drill-downs on each technology, Code Access Security, ASP.NET,
Enterprise Services, Web Services, Remoting, and Data Access (ADO.NET/SQL
Server), with threats and countermeasures, are provided. It also includes
checklists and How Tos.

Key Problems Solved:

- Hosting multiple Web Apps securely 
- Writing secure managed code 
- Designing secure apps 
- Using CAS from ASP.NET 
- Preventing key security issues: Input validation, SQL injection,
Cross-Site Scripting 
- Securing your developer workstation 
- Securing your web server 
- Securing your database server 
- Locking down ASP.NET 
- Performing security reviews on design, code, and deployment 

Download @
http://msdn.microsoft.com/library/en-us/dnnetsec/html/threatcounter.asp

This is the second book in the .NET/Web Security Series from the
Microsoft Patterns and Practices Team. The first was "Building Secure
Microsoft ASP.NET Applications" which is available @
http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp 

- Anil

