Improving Web Application Security: Threats and Countermeasures
| Check | Description |
|---|---|
|
| The design identifies, understands, and accommodates the company security policy. |
|
| Restrictions imposed by infrastructure security (including available services, protocols, and firewall restrictions) are identified. |
|
| The design recognizes and accomodates restrictions imposed by hosting environments (including application isolation requirements). |
|
| The target environment code-access-security trust level is known. |
|
| The design identifies the deployment infrastructure requirements and the deployment configuration of the application. |
|
| Domain structures, remote application servers, and database servers are identified. |
|
| The design identifies clustering requirements. |
|
| The design identifies the application configuration maintenance points (such as what needs to be configured and what tools are available for an IDC admin). |
|
| Secure communication features provided by the platform and the application are known. |
|
| The design addresses Web farm considerations (including session state management, machine specific encryption keys, Secure Sockets Layer (SSL), certificate deployment issues, and roaming profiles). |
|
| The design identifies the certificate authority (CA) to be used by the site to support SSL. |
|
| The design addresses the required scalability and performance criteria. |
Категории