Penetration Testing mailing list archives
Re: web application security
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Tue, 22 Jan 2008 19:07:01 +0000
IMHO:

 * code audit
 * mod_security for your app.
 * publish an SPF record if you're sending email
 * keep an eye on the logs for "hotlinking" - e.g. a phishing site linking your images directly.

In general you can't stop phishing attacks because your site will not be involved. A user will be going to the blackhat's site and entering their details - nowhere near your server.

Presumably you have an HTTPS cert? But few people check them unfortunately.

(You might do better asking on the securityfocus webappsec list.)

cheers,
 Jamie

On 22 Jan 2008 06:37:37 -0000, mahendra_yn () yahoo com <mahendra_yn () yahoo com> wrote:
> Hi all,
>
> I need to harden a web application which is hosted in a datacentre. I need to monitor the web application 24/7. I also need to ensure that there would be no phishing attacks on this website. I know there are a couple of 3rd party web application firewalls available which can do all this, but the question is: will the datacentre allow me to do this, as a 3rd party service provider? If it doesn't allow it, then what are the other best options available for me?
--
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/
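
Added example (not part of the original post): one way to run the "hotlinking" log check suggested in the reply above, assuming Apache combined-format access logs. OWN_HOSTS, the host names and the sample log lines are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions: Apache "combined" log format; OWN_HOSTS is a placeholder for your own site names.
OWN_HOSTS = {"www.example.com", "example.com"}
IMAGE_EXT = (".png", ".gif", ".jpg", ".jpeg", ".ico", ".svg")

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, .test domains).
SAMPLE = [
    '203.0.113.7 - - [22/Jan/2008:18:01:02 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://www.example.com/login" "Mozilla/5.0"',
    '198.51.100.23 - - [22/Jan/2008:18:03:10 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://secure-login.phish.test/verify.html" "Mozilla/5.0"',
    '198.51.100.24 - - [22/Jan/2008:18:03:44 +0000] "GET /img/logo.png?v=2 HTTP/1.1" 304 - "http://secure-login.phish.test/verify.html" "Mozilla/5.0"',
    '192.0.2.9 - - [22/Jan/2008:18:04:00 +0000] "GET /index.html HTTP/1.1" 200 900 "http://search.test/?q=x" "Mozilla/5.0"',
    '192.0.2.10 - - [22/Jan/2008:18:05:00 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def external_referer(referer):
    """Return the referring host if it is off-site, else None."""
    if referer in ("", "-"):
        return None  # no Referer sent: not evidence either way
    try:
        host = urlsplit(referer).hostname or ""
    except ValueError:
        return None  # malformed Referer header
    return host if host and host not in OWN_HOSTS else None

def hotlink_report(lines):
    """Count successfully served images per (off-site referring host, image path)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] not in ("200", "304"):
            continue
        path = urlsplit(m["path"]).path.lower()  # drop any query string
        host = external_referer(m["referer"])
        if host and path.endswith(IMAGE_EXT):
            hits[(host, path)] += 1
    return hits

if __name__ == "__main__":
    for (host, path), n in hotlink_report(SAMPLE).most_common():
        print(f"{n:5d}  {host}  {path}")
```

A referring host that repeatedly pulls your logo or login-page images is worth a manual look; search engines and webmail image proxies will also appear and can be added to OWN_HOSTS as an allowlist.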