Synopses & Reviews
Gain a solid foundation for designing, building, and configuring security-enhanced, hack-resistant Microsoft® ASP.NET Web applications. This expert guide describes a systematic, task-based approach to security that can be applied to both new and existing applications. It addresses security considerations at the network, host, and application layers for each physical tier (Web server, remote application server, and database server), detailing the security configurations and countermeasures that can help mitigate risks. The information is organized into sections that correspond to both the product life cycle and the roles involved, making it easy for architects, designers, and developers to find the answers they need. All PATTERNS & PRACTICES guides are reviewed and approved by Microsoft engineering teams, consultants, partners, and customers, delivering accurate, real-world information that's been technically validated and tested.
About the Author
Developed by senior editors and content managers at Microsoft Corporation.
Table of Contents
Forewords; Foreword by Mark Curphey; Foreword by Joel Scambray; Foreword by Erik Olson; Foreword by Michael Howard; Introduction; Why We Wrote This Guide; What Is a Hack-Resilient Application?; Scope of This Guide; Who Should Read This Guide; How to Use This Guide; Organization of This Guide; Approach Used in This Guide; Positioning of This Guide; Feedback and Support; The Team Who Brought You This Guide; Tell Us About Your Success; Summary; Solutions at a Glance; Architecture and Design Solutions; Development Solutions; Administration Solutions; Fast Track How To Implement the Guidance; Goal and Scope; The Holistic Approach; Securing Your Network; Securing Your Host; Securing Your Application; Identify Threats; Applying the Guidance to Your Product Life Cycle; Implementing the Guidance; Who Does What?; Summary; Introduction to Threats and Countermeasures; Chapter 1: Web Application Security Fundamentals; 1.1 We Are Secure We Have a Firewall; 1.2 What Do We Mean By Security?; 1.3 Threats, Vulnerabilities, and Attacks Defined; 1.4 How Do You Build a Secure Web Application?; 1.5 Secure Your Network, Host, and Application; 1.6 Securing Your Network; 1.7 Securing Your Host; 1.8 Securing Your Application; 1.9 Security Principles; 1.10 Summary; 1.11 Additional Resources; Chapter 2: Threats and Countermeasures; 2.1 Overview; 2.2 How to Use This Chapter; 2.3 Anatomy of an Attack; 2.4 Understanding Threat Categories; 2.5 Network Threats and Countermeasures; 2.6 Host Threats and Countermeasures; 2.7 Application Threats and Countermeasures; 2.8 Input Validation; 2.9 Authentication; 2.10 Authorization; 2.11 Configuration Management; 2.12 Sensitive Data; 2.13 Session Management; 2.14 Cryptography; 2.15 Parameter Manipulation; 2.16 Exception Management; 2.17 Auditing and Logging; 2.18 Summary; 2.19 Additional Resources; Chapter 3: Threat Modeling; 3.1 Overview; 3.2 Before You Begin; 3.3 How to Use This Chapter; 3.4 Threat Modeling Principles; 3.5 Step 1. 
Identify Assets; 3.6 Step 2. Create an Architecture Overview; 3.7 Step 3. Decompose the Application; 3.8 Step 4. Identify the Threats; 3.9 Step 5. Document the Threats; 3.10 Step 6. Rate the Threats; 3.11 What Comes After Threat Modeling?; 3.12 Summary; 3.13 Additional Resources; Designing Secure Web Applications; Chapter 4: Design Guidelines for Secure Web Applications; 4.1 Overview; 4.2 How to Use This Chapter; 4.3 Architecture and Design Issues for Web Applications; 4.4 Deployment Considerations; 4.5 Input Validation; 4.6 Authentication; 4.7 Authorization; 4.8 Configuration Management; 4.9 Sensitive Data; 4.10 Session Management; 4.11 Cryptography; 4.12 Parameter Manipulation; 4.13 Exception Management; 4.14 Auditing and Logging; 4.15 Design Guidelines Summary; 4.16 Summary; 4.17 Additional Resources; Chapter 5: Architecture and Design Review for Security; 5.1 Overview; 5.2 How to Use This Chapter; 5.3 Architecture and Design Review Process; 5.4 Deployment and Infrastructure Considerations; 5.5 Input Validation; 5.6 Authentication; 5.7 Authorization; 5.8 Configuration Management; 5.9 Sensitive Data; 5.10 Session Management; 5.11 Cryptography; 5.12 Parameter Manipulation; 5.13 Exception Management; 5.14 Auditing and Logging; 5.15 Summary; 5.16 Additional Resources; Building Secure Web Applications; Chapter 6: .NET Security Overview; 6.1 Overview; 6.2 How to Use This Chapter; 6.3 Managed Code Benefits; 6.4 User vs. 
Code Security; 6.5 .NET Framework Role-Based Security; 6.6 .NET Framework Security Namespaces; 6.7 Summary; 6.8 Additional Resources; Chapter 7: Building Secure Assemblies; 7.1 Overview; 7.2 How to Use This Chapter; 7.3 Threats and Countermeasures; 7.4 Privileged Code; 7.5 Assembly Design Considerations; 7.6 Class Design Considerations; 7.7 Strong Names; 7.8 Authorization; 7.9 Exception Management; 7.10 File I/O; 7.11 Event Log; 7.12 Registry; 7.13 Data Access; 7.14 Unmanaged Code; 7.15 Delegates; 7.16 Serialization; 7.17 Threading; 7.18 Reflection; 7.19 Obfuscation; 7.20 Cryptography; 7.21 Summary; 7.22 Additional Resources; Chapter 8: Code Access Security in Practice; 8.1 Overview; 8.2 How to Use This Chapter; 8.3 Code Access Security Explained; 8.4 APTCA; 8.5 Privileged Code; 8.6 Requesting Permissions; 8.7 Authorizing Code; 8.8 Link Demands; 8.9 Assert and RevertAssert; 8.10 Constraining Code; 8.11 File I/O; 8.12 Event Log; 8.13 Registry; 8.14 Data Access; 8.15 Directory Services; 8.16 Environment Variables; 8.17 Web Services; 8.18 Sockets and DNS; 8.19 Unmanaged Code; 8.20 Delegates; 8.21 Serialization; 8.22 Summary; 8.23 Additional Resources; Chapter 9: Using Code Access Security with ASP.NET; 9.1 Overview; 9.2 How to Use This Chapter; 9.3 Resource Access; 9.4 Full Trust and Partial Trust; 9.5 Configuring Code Access Security in ASP.NET; 9.6 ASP.NET Policy Files; 9.7 ASP.NET Policy; 9.8 Developing Partial Trust Web Applications; 9.9 Trust Levels; 9.10 Approaches for Partial Trust Web Applications; 9.11 Customize Policy; 9.12 Sandbox Privileged Code; 9.13 Deciding Which Approach to Take; 9.14 Medium Trust; 9.15 Medium Trust Restrictions; 9.16 Summary; 9.17 Additional Resources; Chapter 10: Building Secure ASP.NET Pages and Controls; 10.1 Overview; 10.2 How to Use This Chapter; 10.3 Threats and Countermeasures; 10.4 Design Considerations; 10.5 Input Validation; 10.6 Cross-Site Scripting; 10.7 Authentication; 10.8 Authorization; 10.9 Impersonation; 10.10 
Sensitive Data; 10.11 Session Management; 10.12 Parameter Manipulation; 10.13 Exception Management; 10.14 Auditing and Logging; 10.15 Summary; 10.16 Additional Resources; Chapter 11: Building Secure Serviced Components; 11.1 Overview; 11.2 How to Use This Chapter; 11.3 Threats and Countermeasures; 11.4 Design Considerations; 11.5 Authentication; 11.6 Authorization; 11.7 Configuration Management; 11.8 Sensitive Data; 11.9 Auditing and Logging; 11.10 Building a Secure Serviced Component; 11.11 Code Access Security Considerations; 11.12 Deployment Considerations; 11.13 Summary; 11.14 Additional Resources; Chapter 12: Building Secure Web Services; 12.1 Overview; 12.2 How to Use This Chapter; 12.3 Threats and Countermeasures; 12.4 Design Considerations; 12.5 Input Validation; 12.6 Authentication; 12.7 Authorization; 12.8 Sensitive Data; 12.9 Parameter Manipulation; 12.10 Exception Management; 12.11 Auditing and Logging; 12.12 Proxy Considerations; 12.13 Code Access Security Considerations; 12.14 Deployment Considerations; 12.15 Summary; 12.16 Additional Resources; Chapter 13: Building Secure Remoted Components; 13.1 Overview; 13.2 How to Use This Chapter; 13.3 Threats and Countermeasures; 13.4 Design Considerations; 13.5 Input Validation; 13.6 Authentication; 13.7 Authorization; 13.8 Sensitive Data; 13.9 Denial of Service; 13.10 Exception Management; 13.11 Auditing and Logging; 13.12 Code Access Security (CAS) Considerations; 13.13 Summary; 13.14 Additional Resources; Chapter 14: Building Secure Data Access; 14.1 Overview; 14.2 How to Use This Chapter; 14.3 Threats and Countermeasures; 14.4 Design Considerations; 14.5 Input Validation; 14.6 SQL Injection; 14.7 Authentication; 14.8 Authorization; 14.9 Configuration Management; 14.10 Sensitive Data; 14.11 Exception Management; 14.12 Building a Secure Data Access Component; 14.13 Code Access Security Considerations; 14.14 Deployment Considerations; 14.15 Summary; 14.16 Additional Resources; Securing Your Network, Host, and 
Application; Chapter 15: Securing Your Network; 15.1 Overview; 15.2 How to Use This Chapter; 15.3 Threats and Countermeasures; 15.4 Methodology; 15.5 Router Considerations; 15.6 Firewall Considerations; 15.7 Switch Considerations; 15.8 Additional Considerations; 15.9 Snapshot of a Secure Network; 15.10 Summary; 15.11 Additional Resources; Chapter 16: Securing Your Web Server; 16.1 Overview; 16.2 How to Use This Chapter; 16.3 Threats and Countermeasures; 16.4 Methodology for Securing Your Web Server; 16.5 IIS and .NET Framework Installation Considerations; 16.6 Installation Recommendations; 16.7 Steps for Securing Your Web Server; 16.8 Step 1. Patches and Updates; 16.9 Step 2. IISLockdown; 16.10 Step 3. Services; 16.11 Step 4. Protocols; 16.12 Step 5. Accounts; 16.13 Step 6. Files and Directories; 16.14 Step 7. Shares; 16.15 Step 8. Ports; 16.16 Step 9. Registry; 16.17 Step 10. Auditing and Logging; 16.18 Step 11. Sites and Virtual Directories; 16.19 Step 12. Script Mappings; 16.20 Step 13. ISAPI Filters; 16.21 Step 14. IIS Metabase; 16.22 Step 15. Server Certificates; 16.23 Step 16. Machine.Config; 16.24 Step 17. 
Code Access Security; 16.25 Snapshot of a Secure Web Server; 16.26 Staying Secure; 16.27 Remote Administration; 16.28 Simplifying and Automating Security; 16.29 Summary; 16.30 Additional Resources; Chapter 17: Securing Your Application Server; 17.1 Overview; 17.2 How to Use This Chapter; 17.3 Threats and Countermeasures; 17.4 Methodology; 17.5 Communication Channel Considerations; 17.6 Firewall Considerations; 17.7 .NET Remoting Security Considerations; 17.8 Enterprise Services (COM+) Security Considerations; 17.9 Summary; 17.10 Additional Resources; Chapter 18: Securing Your Database Server; 18.1 Overview; 18.2 How to Use This Chapter; 18.3 Threats and Countermeasures; 18.4 Methodology for Securing Your Server; 18.5 SQL Server Installation Considerations; 18.6 SQL Server Installation Recommendations; 18.7 Steps for Securing Your Database Server; 18.8 Step 1. Patches and Updates; 18.9 Step 2. Services; 18.10 Step 3. Protocols; 18.11 Step 4. Accounts; 18.12 Step 5. Files and Directories; 18.13 Step 6. Shares; 18.14 Step 7. Ports; 18.15 Step 8. Registry; 18.16 Step 9. Auditing and Logging; 18.17 Step 10. SQL Server Security; 18.18 Step 11. SQL Server Logins, Users, and Roles; 18.19 Step 12. 
SQL Server Database Objects; 18.20 Snapshot of a Secure Database Server; 18.21 Additional Considerations; 18.22 Staying Secure; 18.23 Remote Administration; 18.24 Summary; 18.25 Additional Resources; Chapter 19: Securing Your ASP.NET Application and Web Services; 19.1 Overview; 19.2 How to Use This Chapter; 19.3 Methodology; 19.4 What You Must Know; 19.5 Machine.Config and Web.Config Explained; 19.6 Machine.Config and Web.Config Guidelines; 19.7 Trust Levels in ASP.NET; 19.8 Process Identity for ASP.NET; 19.9 Impersonation; 19.10 Authentication; 19.11 Authorization; 19.12 Session State; 19.13 View State; 19.14 Machine Key; 19.15 Debugging; 19.16 Tracing; 19.17 Exception Management; 19.18 Remoting; 19.19 Web Services; 19.20 Forbidden Resources; 19.21 Bin Directory; 19.22 Event Log; 19.23 File Access; 19.24 ACLs and Permissions; 19.25 Registry; 19.26 Data Access; 19.27 UNC Shares; 19.28 COM/DCOM Resources; 19.29 Denial of Service Considerations; 19.30 Web Farm Considerations; 19.31 Snapshot of a Secure ASP.NET Application; 19.32 Summary; 19.33 Additional Resources; Chapter 20: Hosting Multiple Web Applications; 20.1 Overview; 20.2 ASP.NET Architecture on Windows 2000; 20.3 ASP.NET Architecture on Windows Server 2003; 20.4 Isolating Applications by Identity; 20.5 Isolating Applications with Application Pools; 20.6 Isolating Applications with Code Access Security; 20.7 Forms Authentication Issues; 20.8 UNC Share Hosting; 20.9 Summary; Assessing Your Security; Chapter 21: Code Review; 21.1 Overview; 21.2 FxCop; 21.3 Performing Text Searches; 21.4 Cross-Site Scripting (XSS); 21.5 SQL Injection; 21.6 Buffer Overflows; 21.7 Managed Code; 21.8 Code Access Security; 21.9 Unmanaged Code; 21.10 ASP.NET Pages and Controls; 21.11 Web Services; 21.12 Serviced Components; 21.13 Remoting; 21.14 Data Access Code; 21.15 Summary; 21.16 Additional Resource; Chapter 22: Deployment Review; 22.1 Overview; 22.2 Web Server Configuration; 22.3 IIS Configuration; 22.4 Machine.Config; 22.5 Web 
Services; 22.6 Enterprise Services; 22.7 Remoting; 22.8 Database Server Configuration; 22.9 Network Configuration; 22.10 Summary; Related Security Resources; Related Microsoft patterns & practices Guidance; Security-Related Web Sites; Microsoft Security Services; Partners and Service Providers; Communities and Newsgroups; Patches and Updates; Alerts and Notification; Additional Resources; Index of Checklists; Overview; Designing Checklist; Building Checklists; Securing Checklists; Assessing Checklist; Checklist: Architecture and Design Review; How to Use This Checklist; Deployment and Infrastructure Considerations; Application Architecture and Design Considerations; Checklist: Securing ASP.NET; How to Use This Checklist; Design Considerations; Application Categories Considerations; Configuration File Settings; Checklist: Securing Web Services; How to Use This Checklist; Design Considerations; Development Considerations; Administration Considerations; Checklist: Securing Enterprise Services; How to Use This Checklist; Developer Checks; Administrator Checklist; Checklist: Securing Remoting; How to Use This Checklist; Design Considerations; Input Validation; Authentication; Authorization; Configuration Management; Sensitive Data; Exception Management; Auditing and Logging; Checklist: Securing Data Access; How to Use This Checklist; SQL Injection Checks; Authentication; Authorization; Configuration Management; Sensitive Data; Exception Management; Deployment Considerations; Checklist: Securing Your Network; How to Use This Checklist; Router Considerations; Firewall Considerations; Switch Considerations; Checklist: Securing Your Web Server; How to Use This Checklist; Dos and Don'ts; Checklist: Securing Your Database Server; How to Use This Checklist; Installation Considerations for Production Servers; Patches and Updates; Services; Protocols; Accounts; Files and Directories; Shares; Ports; Registry; Auditing and Logging; SQL Server Security; SQL Server Logins, Users, and 
Roles; SQL Server Database Objects; Additional Considerations; Staying Secure; Checklist: Security Review for Managed Code; How to Use This Checklist; General Code Review Guidelines; Managed Code Review Guidelines; Resource Access Considerations; Code Access Security Considerations; How To: Index; How To: Implement Patch Management; Applies To; Summary; What You Must Know; Before You Begin; Contents; Detecting; Assessing; Acquiring; Testing; Deploying; Maintaining; Additional Considerations; Additional Resources; How To: Harden the TCP/IP Stack; Applies To; Summary; What You Must Know; Contents; Protect Against SYN Attacks; Protect Against ICMP Attacks; Protect Against SNMP Attacks; AFD.SYS Protections; Additional Protections; Pitfalls; Additional Resources; How To: Secure Your Developer Workstation; Applies To; Summary; Before You Begin; Steps to Secure Your Developer Workstation; Run Using a Least-Privileged Account; Patch and Update; Secure IIS; Secure SQL Server and MSDE; Evaluate Your Configuration Categories; Stay Secure; How To: Use IPSec for Filtering Ports and Authentication; Applies To; Summary; Contents; What You Must Know; Restricting Web Server Communication; Restricting Database Server Communication; Restricting Server-to-Server Communication; Using IPSec Tools; Additional Resources; How To: Use the Microsoft Baseline Security Analyzer; Applies To; Summary; Contents; Before You Begin; What You Must Know; Scanning for Security Updates and Patches; Scanning Multiple Systems for Updates and Patches; SQL Server and MSDE Specifics; Scanning for Secure Configuration; Additional Information; Additional Resources; How To: Use IISLockdown.exe; Applies To; Summary; What Does IISLockdown Do?; Installing IISLockdown; Running IISLockdown; Log Files; Undoing IISLockdown Changes; Unattended Execution; Pitfalls; How To: Use URLScan; Applies To; Summary; Contents; Installing URLScan; Log Files; Removing URLScan; Configuring URLScan; Throttling Request Sizes with 
URLScan; Debugging VS .NET with URLScan Installed; Masking Content Headers (Banners); Pitfalls; References; How To: Create a Custom Encryption Permission; Applies To; Summary; Before You Begin; Summary of Steps; How To: Use Code Access Security Policy to Constrain an Assembly; Applies To; Summary; Before You Begin; Summary of Steps; Step 1. Create an Assembly That Performs File I/O; Step 2. Create a Web Application; Step 3. Test File I/O with No Code Access Security Constraints; Step 4. Configure Code Access Security Policy to Constrain File I/O; Step 5. Test File I/O With Code Access Security Constraints;