Improving Web Application Security: Threats and Countermeasures

This chapter provides a methodology and the steps required to secure your Web server. You can adapt the methodology for your own situation. The steps are modular and demonstrate how you can put the methodology in practice. You can use these procedures on existing Web servers or on new ones.

To gain the most from this chapter:

• Read Chapter 2, "Threats and Countermeasures." This will give you a broader understanding of potential threats to Web applications.

• Use the Snapshot . The section "Snapshot of a Secure Web Server" lists and explains the attributes of a secure Web server. It reflects input from a variety of sources including customers, industry experts, and internal Microsoft development and support teams . Use the snapshot table as a reference when configuring your server.

• Use the Checklist . "Checklist: Securing Your Web Server" in the "Checklist" section of this guide provides a printable job aid for quick reference. Use the task-based checklist to quickly evaluate the scope of the required steps and to help you work through the individual steps.

• Use the "How To" Section . The "How To" section in this guide includes the following instructional articles:

  • "How To: Use URLScan"

  • "How To: Use Microsoft Baseline Security Analyzer"

  • "How To: Use IISLockdown"