i want to deploy our official asp.net web application (Enterprise Resource Plan ) which mostly contain critical data. currently we have deployed it on internal machine on intranet now we want to open it for public i.e on web what would be the best deploying strategy so that application remain fast,data secure and prevent unauthorized access. we have also a public ip and also have a server machine.
A:
It's not a deployment strategy you need, but really a check that your application has been properly architected and written with security in mind.
What sort of authentication do you use, how is your database secured, have you surveyed your code for possible security issues?
Microsoft do some good material on this - there's a lot to it and it depends on what domain you work in: http://msdn.microsoft.com/en-us/library/ff649874.aspx
Paddy
2010-06-10 11:48:42
please inform me about certain security issues
abrar
2010-06-10 12:41:45
@abrar - Please see my edit for a starting place.
Paddy
2010-06-10 13:03:00
A:
Paddy is correct in that you need to make sure you application was securely written rather than do anything with your deploy strategy.
I did a quick search and found these sites which would be a good place to start:
- http://www.symantec.com/connect/articles/five-common-web-application-vulnerabilities
- http://www.owasp.org/index.php/Top_10_2007
Personally the most common things I see are:
I would make sure you don't have any of these vulnerabilities first.
Abe Miessler
2010-06-10 14:22:38