website security
- Status
- Not open for further replies.
1 - 3 of 3 Posts
Are you hosting the website yourself?
If yes, there is much you need to do, the details of which would depend greatly on the situation. Otherwise it is primarily in the hands of the host.
If yes, there is much you need to do, the details of which would depend greatly on the situation. Otherwise it is primarily in the hands of the host.
There are many things that you can do reduce the risks of hackers get into a website Hackers tend to target web applications. This is because vulnerabilities in web applications such as poor coding make it easy for hackers to bypass authentication of users on the website. It helps to first have an understanding of common vulnerabilities in websites. According to the Open Web Application Project (OWAP), risks for business Web applications include
• Unauthorized access to resources
• Data leakage /improper handling of confidential data such as credit card numbers
• Broken authentication/ session management
• Insecure cryptographic storage
• Insecure commendations
• Failure to restrict URL access
• Cross site scripting
• Injection flaws
• Malicious file execution
• Insecure direct object reference
• Cross site request forgery (Harwood, 2011).
Here are some ways to reduce the above risks
• Educate end users and staff
o For instance, educate them about social engerring, being link wary, not opening unknown email attachments, and/or that the website will never ask them to email his or her log in credentials.
• Secure the site by hardening the network
• Use and implement firewalls, IDS, and anti-virus and anti-malware software
• Create and implement network security wide policies and procedures for employees
• Use encryption to protect the confidentiality of data
• Use error message storage
• Use permissions and active directory and group policy settings to limit users access according the principle of least privilege
• Use VPN and SSL protocols
• Keep firmware, operating systems, applications, and antivirus software up to date on a regular basis (Harwood, 2011).
Lastly, anther helpful tool is to use Nessus. This is a vulnerability assessment that includes a variety of tools such as port scanners. Furthermore, it also gives you solutions to fix vulnerabilities found in your network.
I hope this helps. Let me know if you have any questions.
Becky
References
Harwood, M. (2011). Information systems security & assurance series: security strategies in
web applications and social networking. Sudbury, MA: Jones & Bartlett learning
• Unauthorized access to resources
• Data leakage /improper handling of confidential data such as credit card numbers
• Broken authentication/ session management
• Insecure cryptographic storage
• Insecure commendations
• Failure to restrict URL access
• Cross site scripting
• Injection flaws
• Malicious file execution
• Insecure direct object reference
• Cross site request forgery (Harwood, 2011).
Here are some ways to reduce the above risks
• Educate end users and staff
o For instance, educate them about social engerring, being link wary, not opening unknown email attachments, and/or that the website will never ask them to email his or her log in credentials.
• Secure the site by hardening the network
• Use and implement firewalls, IDS, and anti-virus and anti-malware software
• Create and implement network security wide policies and procedures for employees
• Use encryption to protect the confidentiality of data
• Use error message storage
• Use permissions and active directory and group policy settings to limit users access according the principle of least privilege
• Use VPN and SSL protocols
• Keep firmware, operating systems, applications, and antivirus software up to date on a regular basis (Harwood, 2011).
Lastly, anther helpful tool is to use Nessus. This is a vulnerability assessment that includes a variety of tools such as port scanners. Furthermore, it also gives you solutions to fix vulnerabilities found in your network.
I hope this helps. Let me know if you have any questions.
Becky
References
Harwood, M. (2011). Information systems security & assurance series: security strategies in
web applications and social networking. Sudbury, MA: Jones & Bartlett learning
1 - 3 of 3 Posts
- Status
- Not open for further replies.
Join the discussion
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Recommended Communities
Join now to ask and comment!