Web application security - the fast guide 1.1 | Page 61

Chapter 3 - Vulnerabilities and threat models

b) Architecture

[Figure: architecture diagram. Labels: DMZ; Data; Browser; HTTP(s); Biz logic; Web Application identity; TCP/IP; Windows authentication; Database pass; DB (Products info + User accounts); Form Authentication + Role check.]

c) Roles

Application roles are:

• Internet users
• Catalog administrators

d) Key Scenarios

Important application scenarios are:

• Anonymous user browses the product catalog to view product details.
• Anonymous user searches to locate a specific product.
• Anonymous user adds an item to the shopping cart.
• Anonymous user logs in to authenticate prior to placing an order.
• Anonymous user creates a new account prior to placing an order.
• Authenticated user places an order.

e) Technologies

The application uses the following technologies:

• Web Server: Microsoft Internet Information Server (IIS)
• Presentation logic: ASP.NET (C#)
• Business logic: C# Class Libraries
• Data access logic: ADO.NET, T-SQL Stored Procedures
• Database Server: Microsoft SQL Server 2000

f) Application Security Mechanisms

The most important application security mechanisms known at this time are: