Improving Web Application Security: Threats and Countermeasures [Paperback]

Microsoft Corporation

Product details

  • Paperback: 840 pages
  • Publisher: MICROSOFT PRESS; 1 edition (1 Sep 2003)
  • Language: English
  • ISBN-10: 0735618429
  • ISBN-13: 978-0735618428
  • Product Dimensions: 23.1 x 18.5 x 5.5 cm
  • Average Customer Review: 4.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: 1,185,330 in Books

Product Description

Gain a solid foundation for designing, building, and configuring security-enhanced, hack-resistant Microsoft® ASP.NET Web applications. This expert guide describes a systematic, task-based approach to security that can be applied to both new and existing applications. It addresses security considerations at the network, host, and application layers for each physical tier—Web server, remote application server, and database server—detailing the security configurations and countermeasures that can help mitigate risks. The information is organized into sections that correspond to both the product life cycle and the roles involved, making it easy for architects, designers, and developers to find the answers they need. All PATTERNS & PRACTICES guides are reviewed and approved by Microsoft engineering teams, consultants, partners, and customers—delivering accurate, real-world information that’s been technically validated and tested. 

About the Author

Developed by senior editors and content managers at Microsoft Corporation.


Inside This Book
First Sentence
When you hear talk about Web application security, there is a tendency to immediately think about attackers defacing Web sites, stealing credit card numbers, and bombarding Web sites with denial of service attacks.

Customer Reviews

Most Helpful Customer Reviews
Good .... 28 Feb 2007
By Jennifers Daddy TOP 1000 REVIEWER
Format:Paperback|Amazon Verified Purchase
This is aimed more at Microsoft products so has whole chapters on ASP.NET (pages and controls, code access security, secure web services).

There are also good chapters on design and architecture and lots of "check-lists" that will make you think about what you are doing. For example, "how do you validate input" and "how do you secure encryption keys". It does not tell you how to do these tasks but it does prompt you to think about situations you may not have considered.

This is over 800 pages long. If you are developing using ASP.NET it is worth getting.

This is NOT a substitute for "Writing secure code 2" by Michael Howard.
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:  6 reviews
6 of 6 people found the following review helpful
Great ideas for countermeasures, less demonstration 28 Oct 2004
By Rigor mortis - Published on Amazon.com
Format:Paperback
I am in the business of writing secure e-biz apps and I found the security and countermeasure strategies in this book to be very thorough.

Now, why the 4 stars? Two reasons - 1. The author(s) are very repetitive. I read the section on countermeasures to SQL injection attacks 3 times in the book.

2. The countermeasures are demonstrated adequately but the attacks are not. For instance, what to do to thwart SQL injection attacks is explained with some examples. But what really is a SQL injection attack; plain description is not enough? Some non-trivial examples of those make sense because then you know the reason for deploying the countermeasures; what are you saving yourself against? Sort of, identifying the enemy.

Nevertheless, a great, comprehensive and practical tutorial.
5 of 5 people found the following review helpful
Just get it! There is nothing that compares to it. 8 Mar 2004
By Anil John - Published on Amazon.com
Format:Paperback
If you are designing, building and deploying Web based applications using Microsoft's .NET Framework run and get this book. Currently, there is no other book that can match the breadth and depth of the topic covered in this book.

Contrary to what the title may imply, in addition to ASP.NET this book also covers how security should be addressed in the building of Serviced components, Web Services and Remoting. The chapters on Code Access Security are among the clearest that can be found anywhere.

This book takes a holistic approach to Security in that it addresses threats to the network, host and application layers. The old adage of a chain is only as strong as its weakest link is taken to heart in the book so guidance is provided on how security should be addressed across tiers and at multiple layers. Secure app development across the entire software development and deployment lifecycle is considered within the scope of this book.

In addition to Secure Coding guidelines, extensive guidelines are provided that show how the Network, Web Server, Application Server and Database Server should be secured.

One of the things that I like about this book is that the guidance that is provided is task and role based. So even though the book is 800+ pages, it can be very easily used as a ready reference.

Multiple checklists that deal with Design, Build, Securing and Assessment are given and can be used out of the box.

In short, don't wait. Go get it now!

From the book's introduction:

Part I, "Introduction to Threats and Countermeasures," identifies and illustrates the various threats facing the network, host, and application layers. The process of threat modeling helps you to identify those threats that can harm your application. By understanding these threats, you can identify and prioritize effective countermeasures.

Part II, "Designing Secure Web Applications," gives you the guidance you require to design secure Web applications. Even if you have deployed your application, we recommend that you examine and evaluate the concepts, principles, and techniques outlined in this part.

Part III, "Building Secure Web Applications," allows you to apply the secure design practices introduced in Part II to create secure implementations. You will learn defensive coding techniques that make your code and application resilient to attack.

Part IV, "Securing Your Network, Host, and Application," describes how you will apply security configuration settings to secure these three interrelated levels. Instead of applying security randomly, you will learn the rationale behind the security recommendations.

Part V, "Assessing Your Security," provides the tools you require to evaluate the success of your security efforts. Starting with the application, you'll take an inside-out approach to evaluating your code and design. You'll follow this with an outside-in view of the security risks that challenge your network, host and application.

5 of 5 people found the following review helpful
Excellent Resource but Dated (Already) 18 Feb 2004
By Gary Sinkowitz - Published on Amazon.com
Format:Paperback
Truly useful how-to-secure your server book. Goes through locking down your OS, web server (IIS), SQL Server installation, .NET configuration, and web application do's and don'ts.
Very helpful when I configured a server which I rented from a dedicated machine hosting service.
Only reason for four stars rather than five, it is really based around Windows 2000 server. Needs to be updated for Windows 2003 server.