This ebook presents a practical, scenario-driven approach to designing and building secure ASP.NET applications for Windows 2000 and version 1.0 of the .NET Framework. It focuses on the key elements of authentication, authorization and secure communication within and across the tiers of distributed .NET Web applications.
This ebook is not an introduction to security. It is not a security reference for the Microsoft .NET Framework; for that you have the .NET Framework Software Development Kit (SDK), available from MSDN (see the References section of this guide for details). This guide picks up where the documentation leaves off and presents a scenario-based approach to sharing recommendations and proven techniques, as gleaned from the field, customer experience, and insight from the product teams at Microsoft.
The information in this guide is designed to show you how to:
- Raise the security bar for your application.
- Identify where and how you need to perform authentication.
- Identify where and how you need to perform authorization.
- Identify where and how you need to secure communication both to your application (from your end users) and between application tiers.
- Identify common pitfalls and how to avoid them.
- Identify top risks and their mitigation related to authentication and authorization.
- Avoid opening up security just to make things work.
- Identify not only how, but also when to use various security features.
- Eliminate FUD (fear, uncertainty, and doubt).
- Promote best practices and predictable results.