Security Basics mailing list archives
Re: Web Application Security
From: "Jason Thompson" <securitux () gmail com>
Date: Tue, 22 Jan 2008 12:46:34 -0500
Is the application hosted on a shared web server and application server or does the web / app have its own hardware? If it's shared your options are fairly limited.

I know this sounds basic, but I'd have a vulnerability assessment done on the web app which should reveal things such as frames and cross-<whatever> scripting vulnerabilities that can allow phishing, as well as other issues with the app which are likely the result of poor coding. I've done a number of these recently because of customers having their app hosted and being unable to add much protection. And the issues I find are usually coding problems.

For monitoring you can have the logs from the web application sent to a centralized repository for analysis if logging of requests and responses is built into the app. I think the hosting provider should provide you access to the logs of your web instance as well. It's a more reactive solution but combined with proper proactive coding practices you'll be in better shape than 90+% of the other apps out there.

Also, if the provider is responsible for that server, then they should have some sort of SLA / policy around security and maintenance. Make sure they are adhering to it... or that they have one.

-J

On 22 Jan 2008 06:39:13 -0000, <mahendra_yn () yahoo com> wrote:
Hi all,

I need to harden a web application which is hosted in a datacentre. I need to monitor the web application 24/7. I also need to ensure that there would be no phishing attacks on this website. I know there are a couple of 3rd party web application firewalls available which can do all this, but the question is will the datacentre allow me to do this - as a 3rd party service provider? If it doesn't allow then what are the other best options available for me?

Thanks!