- Don’t install any unnecessary components on the server – more code means more vulnerabilities for crackers to exploit.
- Subscribe to your operating system’s security notifications.
- Patch all operating systems and any applications with official security fixes.
- Run up-to-date antivirus software on the web server, regardless of what operating system you are using.
IIS users
- Don’t enable directory browsing unless you really need it.
- Disable any FrontPage server extensions that are not being used.
Apache users
- Deny access to all resources by default and allow only the necessary functionality for each specific resource.
- Log all web requests to allow you to spot suspicious activity.
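
A deny-by-default layout for the two Apache items above, as an added example that is not part of the original post. It assumes Apache 2.4 syntax; the document root and log paths are placeholders.

```apache
# Added example; assumes Apache 2.4 (mod_authz_core). All paths are placeholders.

# 1. Deny the whole filesystem by default and ignore .htaccess overrides.
<Directory "/">
    Options None
    AllowOverride None
    Require all denied
</Directory>

# 2. Open only the document root, and only with the features it needs.
#    -Indexes turns off automatic directory listings.
<Directory "/var/www/example/public">
    Options -Indexes -ExecCGI -Includes
    AllowOverride None
    Require all granted
</Directory>

# 3. Keep files that should never be served denied, even inside the document root.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
<DirectoryMatch "/\.git">
    Require all denied
</DirectoryMatch>

# 4. Log every request with referrer and user agent, plus server errors,
#    so suspicious activity can be reviewed later.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "/var/log/apache2/access.log" combined
ErrorLog "/var/log/apache2/error.log"
LogLevel warn
```

Run `apachectl configtest` after editing to catch syntax errors before reloading the server.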
Writing safer code
- Always initialize global variables (avoiding the danger of them being initialized by a fake GET or POST request).
- Turn off on-screen error reporting and log errors to a file instead (making it more difficult for crackers to get the information they need).
- Never trust any user input or output; use filter functions to strip out special SQL characters and escape sequences.