Index of Checklists


Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

patterns & practices Developer Center

Improving Web Application Security: Threats and Countermeasures

J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Microsoft Corporation

Published: June 2003

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.

Contents

Overview
Designing Checklist
Building Checklists
Securing Checklists
Assessing Checklist

Overview

Improving Web Application Security: Threats and Countermeasures provides a series of checklists that help you turn the information and details that you learned in the individual chapters into action. The following checklists are included:

Designing Checklist

Checklist: Architecture and Design Review covers aspects of the architecture and design stages of the project life cycle, including: input validation, authentication, authorization, configuration management, sensitive data, session management, cryptography, parameter manipulation, exception management, and auditing and logging.

Building Checklists

Each checklist in the building series covers the following application categories: input validation, authentication, authorization, configuration management, sensitive data, session management, cryptography, parameter manipulation, exception management, and auditing and logging. These checklists are:

  • Checklist: Securing ASP.NET
  • Checklist: Securing Web Services
  • Checklist: Securing Enterprise Services
  • Checklist: Securing Remoting
  • Checklist: Securing Data Access

Securing Checklists

Each checklist in the securing series covers aspects of securing the servers based on roles. The checklists cover the following: patches and updates, services, protocols, accounts, files and directories, shares, ports, registry, and auditing and logging. These checklists are:

  • Checklist: Securing Web Server. In addition to the common checklist information cited previously, this checklist covers the following points that are specific to a Web server: sites and virtual directories, script mappings, ISAPI filters, metabase, Machine.config, and code access security.
  • Checklist: Securing Database Server. In addition to the common checklist information cited previously, this checklist covers the following points that are specific to a database server: SQL Server security; and SQL Server logins, users, and roles.

Assessing Checklist

Checklist: Security Review for Managed Code helps you to uncover security vulnerabilities in your managed code. This checklist covers the following: assembly-level checks, class-level checks, cryptography, secrets, exception management, delegates, serialization, threading, reflection, unmanaged code access, file I/O, event log, registry, environment variables and code access security considerations.


© Microsoft Corporation. All rights reserved.