Securing Your Web Application

   

A Web application provides a number of new security challenges such as unknown users, dynamic ASP pages, and cookies. Ideally, you would want to use the same security provision available to any networked computer, including controlled user access and protection for your application's resources. Fortunately, many of the standard Windows NT security features can be used to protect the elements of your Web application. What isn't protected directly by Windows NT is securable though Internet Information Server configuration options.

In order to implement security for your Web application, you should become acquainted with the concepts covered in the following topics in this section:

• Configuring Security for Internet Information Server
• Securing ASP and HTML Pages
• Setting Web Server Permissions
• Protecting the Global.asa File
• Securing Cookies
• Restricting Content
• Using Certificates