Improving Web Application Security: Threats and Countermeasures 1st Edition

4.5 out of 5 stars 6 customer reviews
ISBN-13: 079-0145184290
ISBN-10: 0735618429
Editorial Reviews

About the Author

Developed by senior editors and content managers at Microsoft Corporation.


Product Details

  • Paperback: 960 pages
  • Publisher: Microsoft Press; 1 edition (September 2, 2003)
  • Language: English
  • ISBN-10: 0735618429
  • ISBN-13: 978-0735618428
  • Product Dimensions: 7.3 x 2.2 x 9.1 inches
  • Shipping Weight: 4.1 pounds
  • Average Customer Review: 4.5 out of 5 stars (6 customer reviews)
  • Amazon Best Sellers Rank: #1,825,822 in Books

Customer Reviews

Top Customer Reviews

Format: Paperback
I am in the business of writing secure e-biz apps and I found the security and countermeasure strategies in this book to be very thorough.

Now, why the 4 stars? Two reasons - 1. The author(s) are very repetitive. I read the section on countermeasures to SQL injection attacks 3 times in the book.

2. The countermeasures are demonstrated adequately but the attacks are not. For instance, what to do to thwart SQL injection attacks is explained with some examples. But what really is a SQL injection attack; plain description is not enough? Some non-trivial examples of those make sense because then you know the reason for deploying the countermeasures; what are you saving yourself against? Sort of, identifying the enemy.

Nevertheless, a great, comprehensive and practical tutorial.
6 people found this helpful.

Format: Paperback
If you are designing, building and deploying Web-based applications using Microsoft's .NET Framework, run and get this book. Currently, there is no other book that can match the breadth and depth of the topic covered in this book.
Contrary to what the title may imply, in addition to ASP.NET this book also covers how security should be addressed in the building of Serviced components, Web Services and Remoting. The chapters on Code Access Security are among the clearest that can be found anywhere.
This book takes a holistic approach to Security in that it addresses threats to the network, host and application layers. The old adage of a chain is only as strong as its weakest link is taken to heart in the book so guidance is provided on how security should be addressed across tiers and at multiple layers. Secure app development across the entire software development and deployment lifecycle is considered within the scope of this book.
In addition to Secure Coding guidelines, extensive guidelines are provided that show how the Network, Web Server, Application Server and Database Server should be secured.
One of the things that I like about this book is that the guidance that is provided is task and role based. So even though the book is 800+ pages, it can be very easily used as a ready reference.
Multiple checklists that deal with Design, Build, Securing and Assessment are given and can be used out of the box.
In short, don't wait. Go get it now!
From the book's introduction:
Part I, "Introduction to Threats and Countermeasures," identifies and illustrates the various threats facing the network, host, and application layers. The process of threat modeling helps you to identify those threats that can harm your application.
5 people found this helpful.

Format: Paperback
Truly useful how-to-secure your server book. Goes through locking down your OS, web server (IIS), SQL Server installation, .NET configuration, and web application do's and don'ts.
Very helpful when I configured a server which I rented from a dedicated machine hosting service.
Only reason for four stars rather than five, it is really based around Windows 2000 server. Needs to be updated for Windows 2003 server.
5 people found this helpful.