This guide helps you to design, build, and configure hack-resilient Web applications. These are applications that reduce the likelihood of successful attacks and mitigate the extent of damage should an attack occur. This guide uses a three-layered approach: securing the network, securing the host, and securing the application. This guide addresses security across the three physical tiers: Web server, remote applications server, and database server. At each tier, security is addresses at the network layer, the host layer, and the application layer. The guide is organized into various security configuration categories that apply to the host and network, and the application vulnerability categories.
What this guide covers:
- How to secure the network, host, and application
- How to identify and evaluate threats using Threat Modeling
- How to create a secure design
- How to perform security review on existing architecture and design
- How to write secure managed code
- How to perform a security code review and deployment review