Improving Web Application Security: Threats and Countermeasures

The host includes the operating system and .NET Framework, together with associated services and components. Whether the host is a Web server running IIS, an application server running Enterprise Services, or a database server running SQL Server, the guide adheres to a general security methodology that is common across the various server roles and types.

The guide organizes the precautions you must take and the settings you must configure into categories. By using these configuration categories, you can systematically walk through the securing process from top to bottom or pick a particular category and complete specific steps.

Figure 3 shows the configuration categories used throughout Part IV of this guide, "Securing Your Network, Host, and Application."

Figure 3: Host security categories
