Retired Content |
---|
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
J.D. Meier, Alex Mackman, Srinath Vasireddy, Michael Dunner, Ray Escamilla and Anandha Murukan
Microsoft Corporation
Published: June 2003
See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.
See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.
Contents
- Related Microsoft patterns & practices Guidance
- Security-Related Web Sites
- Microsoft Security Services
- Partners and Service Providers
- Communities and Newsgroups
- Patches and Updates
- Service Packs
- Alerts and Notification
- Additional Resources
Related Microsoft patterns & practices Guidance
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication on the MSDN Web site at https://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp
This guide focuses on the key elements of authentication, authorization, and secure communication within and across the tiers of distributed .NET Web applications. It is written for architects and developers.
Designing Application-Managed Authorization on the MSDN Web site at https://msdn.microsoft.com/library/?url=/library/en-us/dnbda/html/damaz.asp
This guide focuses on common authorization tasks and scenarios, and it provides information that helps you choose the best approaches and techniques. It is written for architects and developers.
Understanding Microsoft Windows 2000 Security on the Microsoft Technet Web site at https://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/windows/secwin2k/default.asp
This guide delivers procedures and best practices for system administrators to lock down their Windows 2000-based servers and maintain secure operations once they're up and running. It is written for IT Pros.
More Information
For more information on patterns and practices, refer to the Microsoft patterns & practices home page at https://msdn.microsoft.com/practices
Security-Related Web Sites
Microsoft Security-Related Web Sites
- Microsoft Security & Privacy home page at https://www.microsoft.com/security/
- Microsoft Security Bulletin Search at https://www.microsoft.com/technet/security/current.aspx
- Technet Security home page at https://www.microsoft.com/technet/security/
- MSDN Security home page at https://msdn.microsoft.com/en-us/security/default.aspx
- .NET Framework Security home page at https://msdn.microsoft.com/en-us/security/default.aspx
- Security and Trustworthy Computing at https://www.microsoft.com/business/enterprise/default.mspx
- Microsoft Training & Certification Security Product and Technology Resources at https://www.microsoft.com/learning/en/us/default.aspx
Third-Party, Security-Related Web Sites
- CERT (Computer Emergency Response Team) at http://www.cert.org/
- SANS Institute Web site at http://www.sans.org/
- Computer Security Resource Center at http://csrc.nist.gov/
Microsoft Security Services
- Awareness and educational services
- Enterprise Security Strategy Seminar
- Securing the Enterprise Platforms Workshop
- Security assessment services
- Vulnerability assessment
- Security solutions services
- Security design reviews
- Incident response service
For information on these services, contact Microsoft Consulting Services:
- Microsoft Consulting Services (MCS) home page at https://www.microsoft.com/microsoftservices/en/us/home.aspx
- U.S. sales offices at https://www.microsoft.com/about/companyinformation/usaoffices/default.mspx
- Worldwide at https://www.microsoft.com/worldwide/
For free support on virus issues:
- The Microsoft 1-866-PCSAFETY line (U.S. and Canada)
- Microsoft local support resources (all other locations) at https://support.microsoft.com/common/international.aspx
Partners and Service Providers
- Microsoft USA Partner site at http://pinpoint.microsoft.com/en-US/default.asp
- Microsoft Service Providers at https://www.microsoft.com/serviceproviders/default.mspxdefault.asp
Communities and Newsgroups
Newsgroup Home Pages
- Microsoft Product Support Newsgroups at https://support.microsoft.com/gp/commnewsdefault.aspx
- MSDN Newsgroups at https://www.microsoft.com/communities/newsgroups/en-us/
- Technet Newsgroups at https://www.microsoft.com/communities/newsgroups/en-us/
For security issues within specific .NET Framework technologies, refer to the appropriate newsgroup:
- Microsoft Security Newsgroups at https://www.microsoft.com/communities/newsgroups/en-us/
- Virus Newsgroup at https://www.microsoft.com/communities/newsgroups/en-us/
- .NET Framework Security Newsgroup at https://msdn.microsoft.com/newsgroups/loadframes.asp?icp=msdn&slcid=us&newsgroup=microsoft.public.dotnet.security
- ASP.NET Security Newsgroup at https://msdn.microsoft.com/newsgroups/loadframes.asp?icp=msdn&slcid=us&newsgroup=microsoft.public.dotnet.framework.aspnet.security
Patches and Updates
Hotfix and Security Bulletin Service at https://www.microsoft.com/technet/security/current.aspx
View the security bulletins that are available for your system.
Service Packs
- Microsoft Service Packs at https://support.microsoft.com/default.aspx?scid=FH;[LN];sp&
- .NET Framework Service Packs:
- Article 318836, "INFO: How to Obtain the Latest .NET Framework Service Pack" in the Microsoft Knowledge Base at https://support.microsoft.com/default.aspx?scid=kb;en-us;318836
- Article 318785, "INFO: Determining Whether Service Packs Are Installed on .NET Framework" in the Microsoft Knowledge Base at https://support.microsoft.com/default.aspx?scid=kb;en-us;318785
Alerts and Notification
Microsoft Security Notification Services
Virus alerts for Microsoft products at https://www.microsoft.com/security/portal/
Microsoft Technical Security Notifications at https://www.microsoft.com/technet/security/bulletin/notify.mspx
Use this service to register for regular e-mail bulletins that notify you of the availability of new fixes and updates.
Third Party Security Notification Services
CERT Mailing Lists at http://www.cert.org/other_sources/usenet.html
Informative advisories are sent when vulnerabilities are reported.
Windows and .NET Magazine Security UPDATE at [Content link no longer available, original URL:"http://email.winnetmag.com/winnetmag/winnetmag_prefctr.asp#Security"]
This announces the latest security breaches and corresponding fixes. It also gives advice on reacting to vulnerabilities.
NTBugtraq at http://www.ntbugtraq.com/default.aspx.
This is an open discussion of Windows security bugs and exploits. Vulnerabilities that do not have patches are discussed.
Internet Storm Center at http://isc.sans.org/
This site tracks the frequency of worms, denial of service attacks, and other kinds of attacks.
Security Focus Web site at http://www.securityfocus.com/
Additional Resources
Checklists and Assessment Guidelines
- IIS 5.0 Security Checklist at https://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis/tips/iis5chk.mspx
- Security Tools at https://www.microsoft.com/technet/security/tools/default.mspx
Common Criteria
Windows 2000 Common Criteria Guide at https://technet.microsoft.com/en-us/library/cc723510.aspx
The Windows 2000 Common Criteria Security Target (ST) provides a set of security requirements taken from the Common Criteria (CC) for Information Technology Security Evaluation. The Windows 2000 product was evaluated against the Windows 2000 ST and satisfies the ST requirements.
This document is written for those who are responsible for ensuring that the installation and configuration process results in a secure configuration. A secure configuration is one that enforces the requirements presented in the Windows 2000 ST, referred to as the Evaluated Configuration.
Reference Hub
- Reference hub from Building Secure ASP.NET Applications at https://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP03.asp?frame=true
Security Knowledge in Practice
- CERT Security Improvement Modules at [Content link no longer available, original URL:"http://www.cert.org/security-improvement/skip.html"]
Vulnerabilities
- SANS TOP 20 List at http://www.sans.org/top-cyber-security-risks/?ref=top20
- CERT (Computer Emergency Response Team) at http://www.cert.org/
World Wide Web Security FAQ