Results 1 to 5 of 5

Thread: Applications and security consideration

  1. February 5th, 2007, 07:03 AM #1
    zillah
    zillah is offline
    Senior Member
    Join Date
    Dec 2004
    Posts
    140

    Applications and security consideration

    I am working with online institute, the developer team has got different applications which are based on the following technologies:

    All are web based applications
    Build either on .NET framework 1.1 or .NET Framework 2.0
    SQL server as a database at the backend
    None of them are active directory enabled.

    What security issue i have to take in consideration
    Last edited by zillah; February 5th, 2007 at 01:02 PM.
    Reply With Quote Reply With Quote
  2. February 6th, 2007, 05:07 PM #2
    MadBeaver
    MadBeaver is offline
    Senior Member MadBeaver's Avatar
    Join Date
    Jul 2003
    Location
    Bath, Maine
    Posts
    252
    Here is a list of Items I put together for you.
    http://www.google.com/search?q=web+a...ient=firefox-a
    Mad Beaver
    Reply With Quote Reply With Quote
  3. February 12th, 2007, 07:55 PM #3
    zillah
    zillah is offline
    Senior Member
    Join Date
    Dec 2004
    Posts
    140
    I am greatful to that , because I have found alot of information
    Reply With Quote Reply With Quote
  4. February 12th, 2007, 07:58 PM #4
    MadBeaver
    MadBeaver is offline
    Senior Member MadBeaver's Avatar
    Join Date
    Jul 2003
    Location
    Bath, Maine
    Posts
    252
    The most common threat with web app's is sql injection.
    http://www.google.com/search?hl=en&q...=Google+Search
    Mad Beaver
    Reply With Quote Reply With Quote
  6. February 13th, 2007, 08:27 PM #5
    aciscorouter
    aciscorouter is offline
    Member aciscorouter's Avatar
    Join Date
    Mar 2002
    Location
    Brampton, ON, Canada
    Posts
    35
    Consider the following:
    * Servers - OS, Web, DB hardening / bastioning / latest patches
    * Firewall rules and DMZ location (Web server should not be on the same segment as the SQL server if the Web App is available to the Internet.
    * Authentication - using anonymous, basic or digest?
    * Authorization - roles, permissions, runtime security
    * Confidentiality - encryption methods (SSL), certificate servers
    * Availability and support - is this an HA solution, does it require DR?
    * Access Security - who needs access to support the application and servers?

    Microsoft has some security whitepapers - http://msdn.microsoft.com/library/de...mendations.asp

    Cheers,
    aCISCOrouter

    "I used up all my sick days, so I’m calling in dead."
    http://www.facebook.com/profile.php?id=554370423
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 02:51 PM
  2. Tips
    By XTC46 in forum Site Feedback/Questions/Suggestions
    Replies: 15
    Last Post: August 24th, 2005, 07:52 PM
  3. Network Security made easy?
    By Tiger Shark in forum Microsoft Security Discussions
    Replies: 5
    Last Post: January 14th, 2005, 08:47 PM
  4. The history of the Mac line of Operating systems
    By gore in forum Operating Systems
    Replies: 3
    Last Post: March 7th, 2004, 08:02 AM
  5. NEWS: This weeks Security News 10/30/02
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 5
    Last Post: October 31st, 2002, 01:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules