Improving Web Application Security: Threats and Countermeasures
| Check | Description |
|---|---|
|
| Firewall restrictions ensure that only the SQL Server listening port is available on the database server. |
|
| A method for maintaining encrypted database connection strings is defined. |
|
| The application is configured to use a least-privileged database login. |
|
| SQL server auditing is configured. Failed login attempts are logged at minimum. |
|
| Data privacy and integrity over the network is provided with IPSec or SSL. |
Категории