Printable View
I am working with online institute, the developer team has got different applications which are based on the following technologies:
All are web based applications
Build either on .NET framework 1.1 or .NET Framework 2.0
SQL server as a database at the backend
None of them are active directory enabled.
What security issue i have to take in consideration
Here is a list of Items I put together for you.
http://www.google.com/search?q=web+a...ient=firefox-a
I am greatful to that , because I have found alot of information
The most common threat with web app's is sql injection.
http://www.google.com/search?hl=en&q...=Google+Search
Consider the following:
* Servers - OS, Web, DB hardening / bastioning / latest patches
* Firewall rules and DMZ location (Web server should not be on the same segment as the SQL server if the Web App is available to the Internet.
* Authentication - using anonymous, basic or digest?
* Authorization - roles, permissions, runtime security
* Confidentiality - encryption methods (SSL), certificate servers
* Availability and support - is this an HA solution, does it require DR?
* Access Security - who needs access to support the application and servers?
Microsoft has some security whitepapers - http://msdn.microsoft.com/library/de...mendations.asp
Cheers,