Designing Secure Web-Based Applications for Microsoft Windows 2000 (DV-MPS Designing) [Paperback]

Michael Howard (Author)

Book Description

Series: DV-MPS Designing | Publication Date: August 26, 2000

Developers of Web-based applications get expert guidance for taking advantage of the sophisticated security features in Windows 2000 -- all in one comprehensive volume. This definitive guide provides a solid foundation in security theory and concepts, explains the key software design considerations for various categories and levels of security, and discusses ways to apply the appropriate security to mitigate risk. It also covers a range of security technologies, including NTLM authentication, Kerberos authentication, SSL/TLS, CryptoAPI, ACLs, Active Directory services, certificates, and COM+ security.

Editorial Reviews

Amazon.com Review

"Web-based applications" is getting to be a redundant term, but that only highlights the fact that up-to-date programmers need to be familiar with the strategies and practices used to build modern networked software. Designing Secure Web-Based Applications for Microsoft Windows 2000 explains precisely what its title specifies: the mechanisms for allowing Windows programs to communicate over the network while maintaining security, plus their ways of fitting into complete product architectures. It's a complete engineering document with considerable information on identifying security threats, giving them relative weight, and deciding how to deal with them in the designs of your systems. The author has both done his homework and worked in the industry, and it's a pleasure to read his distilled knowledge.

Early sections are rather academic (which is not to say they're not worthwhile), while later sections deal with specific security strategies and the security features of particular products. The author isn't vague--he tells you how he thinks you should design your programs (storing hashes, instead of passwords, in a database to allow for intrusion into the database, for example) and what specifically you need to do (there's enough code here to give heft to what otherwise would be purely high-level advice). Although the author sticks to the Microsoft world, he isn't reluctant to point out security problems in Windows. This is a great volume for anyone designing Windows software that will share information over a network and need to use authentication, nonrepudiation, encryption, and other security techniques. --David Wall

Topics covered: Network security features of Windows 2000, Internet Explorer 5.0, SQL Server 7.0, SQL Server 2000, and COM+ 1.0, as well as the engineering tradeoffs involved in making software secure enough for safety, but open enough for reliability.

Product Details

• Paperback: 450 pages
• Publisher: Microsoft Press (August 26, 2000)
• Language: English
• ISBN-10: 0735609950
• ISBN-13: 978-0735609952
• Product Dimensions: 9.2 x 7.4 x 1.4 inches
• Shipping Weight: 2.3 pounds
• Average Customer Review: 4.6 out of 5 stars  See all reviews (15 customer reviews)
• Amazon Best Sellers Rank: #2,735,790 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

18 of 18 people found the following review helpful:

5.0 out of 5 stars This is NOT a rehash of Microsoft whitepapers or help files., September 7, 2000

By 

Jason Fossen (Dallas, Tx) - See all my reviews

This review is from: Designing Secure Web-Based Applications for Microsoft Windows 2000 (DV-MPS Designing) (Paperback)

This is the best IIS security book I've found yet, and I do Microsoft network security consulting for a living. Most IIS books simply rehash the IIS help files or Resource Kit-- this doesn't. Moreover, IIS 5.0 on Windows 2000 is substantially different than IIS 4.0 on NT, but nobody else I've read tackles the new heavy features like Kerberos authentication, digital certificate mapping to Active Directory, IPsec packet filtering for HTTP, distributed applications with COM+/DCOM, WMI, ADSI, etc.. The CD-ROM is also very useful; for example, it includes a Perl script which will search IIS logs for common attack signatures for intrusion detection. This book is written for security administrators and web-application developers. It has saved me MANY hours of trying to track down IIS 5.0 security internals that might not be documented anywhere else.

10 of 10 people found the following review helpful:

5.0 out of 5 stars Excellent broad coverage, an easy read., November 25, 2000

By 

"bruce1055" (Moutain View, CA USA) - See all my reviews

This review is from: Designing Secure Web-Based Applications for Microsoft Windows 2000 (DV-MPS Designing) (Paperback)

The book covers a great deal of ground very quickly. Importantly, the material is easy to read and useful. While the focus is on Windows 2000-based technology, much of the book (most notably, threat modelling, and practical authentication, authorization, privacy and non-repudiation) can be applied to other non-MS technologies.

The really cool thing I like the most about the book is it is practical, rather then theoretical.

The book gave me ammunition to convince management that they need to spend time/money/resources to insure a secure system, and then the book showed me how to choose appropriate technologies to solve security problems.

8 of 8 people found the following review helpful:

5.0 out of 5 stars Worth every Penny, November 5, 2000

By 

Aaron (Berlin, Germany) - See all my reviews

This review is from: Designing Secure Web-Based Applications for Microsoft Windows 2000 (DV-MPS Designing) (Paperback)

A great source of wisdom if you build or deploy web-sites. Well written, greath depth and most of all - easy to read. There is lots of new information previously unpublished.

It explains how to design, build, and deploy secure systems without resorting to scare-tactics.