Although numerous books on security are available, many of them cover only theory or perhaps a security silo—that is, an island of security based on a particular tool, application, or technology. It should be obvious that no complete security solution is a silo; all secure business applications touch many tools and many technologies. Also, designing, building, and deploying any secure solution as a series of silos is difficult and unwise because getting the silos to talk to one another can be time-consuming and expensive.

The focal point of this book is a holistic view of how to build secure Microsoft Windows 2000-based solutions that use various Web technologies. We cover soup to nuts: from the browser to servers to middleware servers to database servers and back. As it turns out, this is a reasonably complex task to address; there are many moving parts and our goal is to make sure you understand how it all fits together. Accordingly, this book is part reference, part tutorial, and part cookbook for building secure Web applications by using Microsoft technologies. We also cover some of the trade-offs you need to make when building such end-to-end solutions. For example, choosing the appropriate authentication and identity mechanisms can have a performance impact on your solution. For this reason, it's important that you choose the correct technologies to meet your business requirements.

This book's target audience is primarily Web developers and administrators developing, deploying, supporting, and using Windows 2000-based Web applications. Web developers will learn how to build security into their applications up front rather than after the fact; adding security features at the end of the development process is an often-made mistake that almost always jeopardizes security. They'll also learn how to approach and make the trade-offs between functionality, speed, and security. Web administrators will learn how to deploy Web applications securely, how to determine whether a computer is coming under attack, and how to respond to attacks.

Any reader of this book will gain a greater understanding of the security capabilities in Windows 2000, COM+, Internet Information Services (IIS), and Microsoft SQL Server and will learn a great deal about bedrock security principles. This knowledge is invaluable beyond building and deploying Web applications; all computer-based solutions require security of some sort.