Improving Web Application Security: Threats and Countermeasures

Each checklist in the securing series covers aspects of securing the servers based on roles. The checklists cover the following: patches and updates, services, protocols, accounts, files and directories, shares, ports, registry, and auditing and logging. These checklists are:

• Checklist: Securing Web Server . In addition to the common checklist information cited previously, this checklist covers the following points that are specific to a Web server: sites and virtual directories, script mappings, ISAPI filters, metabase, Machine.config, and code access security.

• Checklist: Securing Database Server . In addition to the common checklist information cited previously, this checklist covers following points that are specific to a database server: SQL Server security; and SQL Server logins, users, and roles.