The .NET Framework and ASP.NET in particular are an exciting and extremely important evolution in the Web technology world and are of particular interest to the security community. With their flexible and extensible security model and a wealth of security features, almost anything is possible in less time and with less effort than on many other platforms. The .NET Framework and ASP.NET are an excellent choice for building highly secure, feature-rich Web sites. Each and every decision in the process of designing, developing, testing, deploying, and maintaining a site can have significant security impact and implications. Security considerations and issues must be addressed with application design, development, deployment, and maintenance in view, not during any one of these phases in isolation.
traffic to HTTP, but the HTTP traffic can contain commands that exploit application vulnerabilities. Relying entirely on locking down your hosts is another unsuccessful approach. While several threats can be effectively countered at the host level, application attacks represent a serious and increasing security issue.

Another area where security problems occur is deployment. A familiar scenario is when an application fails when it is deployed in a locked-down production environment, which forces the administrator to loosen security settings. This often leads to new security vulnerabilities. In addition, a lack of security policy, or application requirements that are inconsistent with policy, can compromise security. One of the goals of this guide is to help bridge this gap between development and operations.

To make your application hack-resilient, you need a holistic and systematic approach to securing your network, host, and application. The responsibility spans phases and roles across the product life cycle. A hack-resilient application is one that reduces the likelihood of a successful attack and mitigates the extent of damage if an attack occurs. A hack-resilient application resides on a secure host (server) in a secure network and is developed using secure design and development guidelines.

Open Hack application

In 2002, eWeek sponsored its fourth Open Hack challenge, which proved that hack-resilient applications can be built using .NET technologies on servers running the Microsoft Windows 2000 operating system. The Open Hack team built an ASP.NET Web application using Microsoft Windows 2000 Advanced Server, Internet Information Services (IIS) 5.0, Microsoft SQL Server 2000, and the .NET Framework. It successfully withstood more than 82,500 attempted attacks and emerged from the competition unscathed.
Figure: Three-layered approach - securing the network, securing the host, and securing the application.

The figure shows the three-layered approach that the guide uses: securing the network, securing the host, and securing the application. It also shows the process called threat modeling, which provides a structure and rationale for the security process and allows you to evaluate security threats and identify appropriate countermeasures.
Scope of Improving Web Application Security: Threats and Countermeasures
Security needs to be addressed at the Web server, remote application server, and database server. At each tier, security needs to be addressed at the network layer, host layer, and application layer.
| Area | Product/Technology |
|------|--------------------|
| Platforms | .NET Framework 1.1; Windows 2000 Server family (Windows Server 2003 security features are also highlighted) |
| Web server | IIS 5.0 (included with Windows 2000 Server) |
| Application server | Windows 2000 Server with .NET Framework 1.1 |
| Database server | SQL Server 2000 |
| Technologies | ASP.NET, Enterprise Services, XML Web Services, .NET Remoting, ADO.NET |
Designers - learn how to avoid costly security mistakes and how to make appropriate design choices early in the product development life cycle.
Developers - learn how to implement defensive coding techniques and build secure code.
System administrators - learn how to methodically secure servers and networks.
Security analysts - learn how to perform security assessments.

A solid understanding of threats and associated countermeasures is essential for anyone who is interested in securing Web applications.
Securing your network, host, and application is needed during deployment and maintenance.
| Category | Handled in framework? | How? | Description |
|----------|-----------------------|------|-------------|
| Input Validation | | | How do you know that the input your application receives is valid and safe? Input validation refers to how your application filters, scrubs, or rejects input before additional processing. |
| Authentication | | | Who are you? Authentication is the process that an entity uses to identify another entity, typically through credentials such as a user name and password. |
| Authorization | | | What can you do? Authorization is the process that an application uses to control access to resources and operations. |
| Configuration Management | | | Who does your application run as? Which databases does it connect to? How is your application administered? How are these settings secured? Configuration management refers to how your application handles these operational issues. |
| Sensitive Data | | | Sensitive data is information that must be protected either in memory, over the wire, or in persistent stores. Your application must have a process for handling sensitive data. |
| Session Management | | | A session refers to a series of related interactions between a user and your Web application. Session management refers to how your application handles and protects these interactions. |
| Cryptography | | | How are you protecting secret information (confidentiality)? How are you tamperproofing your data or libraries (integrity)? How are you providing seeds for random values that must be cryptographically strong? Cryptography refers to how your application enforces confidentiality and integrity. |
| Parameter Manipulation | | | Form fields, query string arguments, and cookie values are frequently used as parameters for your application. Parameter manipulation refers to both how your application safeguards tampering of these values and how your application processes input parameters. |
| Exception Management | | | When a method call in your application fails, what does your application do? How much does it reveal about the failure condition? Do you return friendly error information to end users? Do you pass valuable exception information back to the caller? Does your application fail gracefully? |
| Auditing and Logging | | | Who did what and when? Auditing and logging refer to how your application records security-related events. |
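The parameter manipulation and input validation categories above come together when a query-string or cookie value must survive a round trip through the browser. The following C# is an added example, not code from the guide: it signs a value with an HMAC so tampering is detected, then applies an allow-list check before the value is used. It assumes .NET Framework 2.0 or later (for HMACSHA256) and a placeholder key that a real site would load from protected configuration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

// Added example: tamper-evident request parameters (not part of the guide).
public static class SignedParam
{
    // Constructed placeholder; in practice load the key from protected configuration,
    // never from source. Assumes the key is shared by all servers in the farm.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("REPLACE-WITH-SECRET-KEY");

    // Emits "value|HEXMAC" so the client can carry the value but cannot change it unnoticed.
    public static string Sign(string value)
    {
        using (HMACSHA256 hmac = new HMACSHA256(Key))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(value));
            return value + "|" + BitConverter.ToString(mac).Replace("-", "");
        }
    }

    // Recovers the original value only if the MAC verifies. Recomputes the expected
    // token and compares in fixed time so a mismatch does not leak which byte differed.
    public static bool TryVerify(string signed, out string value)
    {
        value = null;
        if (signed == null) return false;
        int sep = signed.LastIndexOf('|');
        if (sep < 1) return false;
        string candidate = signed.Substring(0, sep);
        byte[] expected = Encoding.UTF8.GetBytes(Sign(candidate));
        byte[] actual = Encoding.UTF8.GetBytes(signed);
        if (expected.Length != actual.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        if (diff != 0) return false;
        value = candidate;
        return true;
    }

    // Input validation layered on top of integrity: even a correctly signed value is
    // checked against an allow-list pattern (here, a short numeric order id) before use.
    public static bool TryGetOrderId(string signed, out int orderId)
    {
        orderId = 0;
        string raw;
        if (!TryVerify(signed, out raw)) return false;
        if (!Regex.IsMatch(raw, "^[0-9]{1,9}$")) return false;
        orderId = int.Parse(raw);
        return true;
    }
}
```

In a page, `SignedParam.TryGetOrderId(Request.QueryString["o"], out id)` returning false is the cue to show a friendly error and log the event rather than echo the raw parameter back to the user.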
Microsoft Baseline Security Analyzer (MBSA)

Use the Microsoft Baseline Security Analyzer (MBSA) to detect the patches and updates that may be missing from your current installation. Run this on a regular basis, and keep your servers current with the latest patches and updates. Back up servers prior to applying patches, and test patches on test servers prior to installing them on a production server. Also, use the security notification services provided by Microsoft, and subscribe to receive security bulletins via e-mail.