August 05, 2008

How to Secure Your Web Application

Disclaimer: This is a guest post written by Heather Johnson, who writes on the subject of dial-up Internet.

Web applications are usually deployed behind a firewall that restricts unauthorized access to the server, but a firewall does not stop attacks that arrive over the ports it leaves open, 80 and 443. There is much more a web professional should do in addition to installing a firewall. We’ve come up with a list that should help you sew up any holes in the web application you’re working on. Without further ado, here’s our list for maintaining the integrity of your newest program:

  1. Limit access to your profile. One of the first things an attacker looks for is information about your web server. Remove the Server header from your web server’s responses. Map your dynamic pages to paths whose file extensions don’t reveal the technology behind them. Make sure your machine isn’t named something that identifies its operating system. Take your personal information out of your WHOIS records, since it helps an attacker in a social engineering attack.
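As an added example (not code from the original post), here is a small WSGI middleware that removes identifying response headers from an application before they reach the client. The post names only the Server header; X-Powered-By and X-AspNet-Version are added here as the same kind of leak. The class name HideServerIdentity, the demo application and its header values are all constructed for this illustration.

```python
# Added example (not from the original post): a WSGI middleware that strips
# server-identifying response headers from an application's responses.
# HideServerIdentity, demo_app and the header values are assumptions.

# Response headers that reveal the web server or platform. Server is the one
# the post names; X-Powered-By and X-AspNet-Version are common platform
# headers treated the same way here.
IDENTIFYING_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}
GENERIC_SERVER = "webserver"


class HideServerIdentity:
    """Wrap a WSGI app so identifying headers never reach the client."""

    def __init__(self, app, generic_server=GENERIC_SERVER):
        self.app = app
        self.generic_server = generic_server

    def __call__(self, environ, start_response):
        def filtered_start_response(status, headers, exc_info=None):
            kept = [(k, v) for k, v in headers
                    if k.lower() not in IDENTIFYING_HEADERS]
            # Emit a generic Server value so a host server that fills in a
            # default only when the header is absent has nothing to add.
            kept.append(("Server", self.generic_server))
            return start_response(status, kept, exc_info)
        return self.app(environ, filtered_start_response)


def demo_app(environ, start_response):
    """Constructed app that leaks platform details in its headers."""
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Server", "Apache/2.2.9 (Unix) PHP/5.2.6"),   # constructed value
        ("X-Powered-By", "PHP/5.2.6"),                  # constructed value
    ])
    return [b"hello\n"]


def run_request(app, path="/"):
    """Call a WSGI app with a minimal environ; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers
        return lambda data: None

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


def response_headers(app, path="/"):
    """Header names lower-cased, for easy comparison."""
    return {k.lower(): v for k, v in run_request(app, path)[1]}


if __name__ == "__main__":
    print("before:", response_headers(demo_app))
    print("after: ", response_headers(HideServerIdentity(demo_app)))
```

This only covers headers the application itself emits. A front-end server adds its own Server header, which has to be trimmed in its configuration (Apache’s ServerTokens Prod, nginx’s server_tokens off); the middleware sets a generic value rather than dropping the header entirely because some hosts, wsgiref among them, fill in their own Server value only when the application left it out.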

  2. Authenticate. Unfortunately you can’t always trust the users who visit your website. Have your users authenticate who they are and what they are there to do, so you can separate legitimate traffic from traffic that can hurt you. We’re not saying that every user is evil, but you need to be aware that there are unsavory people out there who try to hurt people in your position.

  3. Always be ready for the worst. If your server is compromised, it’s important that you take it offline and plug the holes. You need to protect customer data such as credit card information, and to do so you need to install security software that protects that information.

  4. Always be monitoring. Instead of waiting to deal with a problem after it occurs, log your website’s activity constantly so you can head off a problem rather than simply reacting to it. Pay careful attention to your server’s error log.
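As an added example (not from the original post) of reading the error log rather than just collecting it, the following script parses Apache 2.2-style error_log lines and flags any client that triggers a burst of "File does not exist" errors in a short window, which is what directory probing looks like from the server’s side. The log lines are constructed for this illustration (documentation IP ranges, invented paths), and the threshold and window are assumptions to tune for your own traffic.

```python
# Added example (not from the original post): parse Apache-style error_log
# lines and flag clients producing bursts of "File does not exist" errors.
# SAMPLE_ERROR_LOG is constructed; threshold and window are assumptions.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the Apache 2.2 error_log format (not real traffic).
SAMPLE_ERROR_LOG = """\
[Tue Aug 05 10:00:01 2008] [notice] Apache/2.2.9 (Unix) configured -- resuming normal operations
[Tue Aug 05 10:02:14 2008] [error] [client 203.0.113.9] File does not exist: /var/www/html/admin
[Tue Aug 05 10:02:15 2008] [error] [client 203.0.113.9] File does not exist: /var/www/html/phpmyadmin
[Tue Aug 05 10:02:15 2008] [error] [client 203.0.113.9] File does not exist: /var/www/html/backup
[Tue Aug 05 10:02:16 2008] [error] [client 203.0.113.9] File does not exist: /var/www/html/.svn
[Tue Aug 05 10:02:17 2008] [error] [client 203.0.113.9] File does not exist: /var/www/html/cgi-bin
[Tue Aug 05 10:05:40 2008] [error] [client 198.51.100.23] File does not exist: /var/www/html/favicon.ico
[Tue Aug 05 10:07:02 2008] [error] [client 198.51.100.23] PHP Warning:  Division by zero in /var/www/html/report.php on line 42
"""

# [timestamp] [level] [client a.b.c.d] message   (the client part is optional)
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\](?: \[client (?P<client>[^\]]+)\])? (?P<msg>.*)$"
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def parse_error_log(text):
    """Yield one dict per line that matches the error_log format; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "ts": datetime.strptime(m.group("ts"), TS_FORMAT),
            "level": m.group("level"),
            "client": m.group("client"),
            "msg": m.group("msg"),
        }


def find_probing_clients(text, threshold=5, window_seconds=60):
    """Return {client: total_misses} for every client that produced at least
    `threshold` 'File does not exist' errors inside any `window_seconds` span."""
    per_client = defaultdict(list)
    for rec in parse_error_log(text):
        if rec["client"] and rec["msg"].startswith("File does not exist"):
            per_client[rec["client"]].append(rec["ts"])

    flagged = {}
    for client, stamps in per_client.items():
        stamps.sort()
        start = 0
        # Sliding window: advance `start` until the window fits, then check size.
        for end in range(len(stamps)):
            while (stamps[end] - stamps[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged[client] = len(stamps)
                break
    return flagged


if __name__ == "__main__":
    for client, count in find_probing_clients(SAMPLE_ERROR_LOG).items():
        print(f"probing suspected from {client}: {count} missing-file errors")
```

The second client in the sample (one missing favicon, one PHP warning) is ordinary noise and is not flagged; the first one hits five non-existent paths in three seconds and is. Pointing the same parser at a live log tail turns the post’s advice into an alert instead of a manual read.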

  5. Don’t execute a poor request. There will be times when a user’s request is simply not good for you. Many attacks work by modifying the HTTP request so that processing it has an adverse effect. Set up a positive model that allows only what you want to allow; everything else should not be processed by your site.
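As an added example (not from the original post), the positive model described above looks like this for a single endpoint: every accepted parameter is named, with the exact shape its value must have, and a request is refused if it uses another method, carries an unknown or repeated parameter, omits a required one, or sends a value that does not match. The endpoint, its parameters and the patterns are constructed for this illustration.

```python
# Added example (not from the original post): allow-list ("positive model")
# validation of an HTTP request. The endpoint rules below are assumptions.
import re
from urllib.parse import parse_qs

# Positive model for one endpoint: each parameter the page accepts is named
# with the shape its value must take. Anything not listed is rejected before
# the application sees it, so there is no need to enumerate what "bad" is.
ALLOWED_METHODS = {"GET"}
PARAM_RULES = {
    "id":   {"pattern": re.compile(r"[1-9][0-9]{0,8}"), "required": True},
    "sort": {"pattern": re.compile(r"name|date|price"), "required": False},
    "page": {"pattern": re.compile(r"[0-9]{1,3}"), "required": False},
}
MAX_QUERY_LENGTH = 256


class RequestRejected(Exception):
    """Raised for any request that falls outside the positive model."""


def validate_request(method, query_string, rules=PARAM_RULES):
    """Return the validated parameters as a dict, or raise RequestRejected."""
    if method not in ALLOWED_METHODS:
        raise RequestRejected(f"method not allowed: {method}")
    if len(query_string) > MAX_QUERY_LENGTH:
        raise RequestRejected("query string too long")

    params = parse_qs(query_string, keep_blank_values=True)
    clean = {}
    for name, values in params.items():
        rule = rules.get(name)
        if rule is None:
            raise RequestRejected(f"unexpected parameter: {name}")
        if len(values) != 1:
            raise RequestRejected(f"parameter repeated: {name}")
        # fullmatch, not match: the whole value must fit the allowed shape,
        # so trailing junk (or a trailing newline) cannot slip past.
        if not rule["pattern"].fullmatch(values[0]):
            raise RequestRejected(f"value does not match allowed shape: {name}")
        clean[name] = values[0]

    for name, rule in rules.items():
        if rule["required"] and name not in clean:
            raise RequestRejected(f"missing required parameter: {name}")
    return clean


def is_allowed(method, query_string):
    """Convenience wrapper: True if the request passes the positive model."""
    try:
        validate_request(method, query_string)
        return True
    except RequestRejected:
        return False


if __name__ == "__main__":
    for method, qs in [("GET", "id=42&sort=date"), ("GET", "id=42&debug=1"),
                       ("GET", "id=42abc"), ("POST", "id=42")]:
        print(method, qs, "->", "allowed" if is_allowed(method, qs) else "rejected")
```

The validation runs on the decoded values (parse_qs decodes them), which is where the check belongs: a value that only looks harmless while still URL-encoded has not been checked at all. The rules stay with the endpoint they describe, so adding a parameter to the page means adding it here too; a request using a parameter nobody added is, by definition, not one the site was built to process.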

By-line:

This post was contributed by Heather Johnson, who writes on the subject of dial-up Internet. She invites your feedback at heatherjohnson2323 at gmail dot com.
