Web 应用程序的基本安全做法.docxVIP

外文文献翻译英文原文Basic Security Practices for Web ApplicationsEven if you have limited experience with and knowledge of application security, there are basic measures that you should take to help protect your Web applications. The following sections in this topic provide minimum-security guidelines that apply to all Web applications.General Web Application Security Recommendations;Run Applications with Minimum Privileges ;Know Your Users; Guard Against Malicious User Input;Access Databases Securely;Create Safe Error Messages;Keep Sensitive Information Safely;Use Cookies Securely;Guard Against Denial-of-Service Threats.1. General Web Application Security RecommendationsEven the most elaborate application security can fail if a malicious user can use simple ways to gain access to your computers. General Web application security recommendations include the following: Back up data often and keep your backups physically secure.Keep your Web server physically secure so that unauthorized users cannot gain access to it, turn it off, physically steal it, and so on.Use the Windows NTFS file system, not FAT32. NTFS offers substantially more security than FAT32. Protect the Web server and all of the computers on the same network with strong passwords.Follow best practices for securing Internet Information Services (IIS). Close any unused ports and turn off unused services.Run a virus checker that monitors site traffic.Use a firewall.Learn about and install the latest security updates from Microsoft and other vendors.Use Windows event logging and examine the logs frequently for suspicious activity. This includes repeated attempts to log on to your system and excessive requests against your Web server.2. Run Applications with Minimum PrivilegesWhen your application runs, it runs within a context that has specific privileges on the local computer and potentially on remote computers. For information about configuring application identity, see Configuring ASP.NET Process Identity.To run wi