Microsoft’s .NET framework provides developers with the ability to build and deploy applications and services via the Web. These services can facilitate communication between clients and .NET application servers (such as database servers and so forth) through the use of XML queries issued by the client. This environment is attractive to developers because it is a language-neutral environment that can deliver content to end-users regardless of the platform in use.
ASP.NET is a part of the framework for developing .NET applications. .NET itself is a model of software development and delivery envisioned by Microsoft. Its goal is to provide the software, develpoment platform, and backend infrastructure for applications that can be distributed across the Internet or other networks to a variety of devices such as Personal Computers (PCs) and Personal Digital Assistants (PDAs).
Although this technology provides powerful functionality to developers, these services can represent a potential threat to the security of a Web server. .NET applications and services can provide potential intruders with a new vector of attack, since many firewalls do not process HTTP traffic at a sufficient level to recognize malicious activity. Furthermore, these applications can possibly be used as a gateway for attackers to communicate with the .NET application servers.
This document discusses some of the security mechanisms and configuration options available to administrators to help secure these applications and reinforce the integrity of the Web server.
ASP.NET is a part of the framework for developing .NET applications. .NET itself is a model of software development and delivery envisioned by Microsoft. Its goal is to provide the software, develpoment platform, and backend infrastructure for applications that can be distributed across the Internet or other networks to a variety of devices such as Personal Computers (PCs) and Personal Digital Assistants (PDAs).
Although this technology provides powerful functionality to developers, these services can represent a potential threat to the security of a Web server. .NET applications and services can provide potential intruders with a new vector of attack, since many firewalls do not process HTTP traffic at a sufficient level to recognize malicious activity. Furthermore, these applications can possibly be used as a gateway for attackers to communicate with the .NET application servers.
This document discusses some of the security mechanisms and configuration options available to administrators to help secure these applications and reinforce the integrity of the Web server.
