Penetration Testing mailing list archives

Re: web application security


From: "Jamie Riden" <jamie.riden () gmail com>
Date: Tue, 22 Jan 2008 19:07:01 +0000

IMHO:

* code audit
* mod_security for your app.
* publish an SPF record if you're sending email
* keep an eye on the logs for "hotlinking" - e.g. a phishing site
linking your images directly.

In general you can't stop phishing attacks because your site will not
be involved. A user will be going to the blackhat's site and entering
their details - nowhere near your server.

Presumably you have an HTTPS cert? But few people check them unfortunately.

(You might do better asking on the securityfocus webappsec list.)

cheers,
 Jamie

On 22 Jan 2008 06:37:37 -0000, mahendra_yn () yahoo com
<mahendra_yn () yahoo com> wrote:
Hi all,

I need to harden a web application which is hosted in a datacentre. I need to monitor the web application 24/7. I also need to ensure that there would be no phishing attacks on this website. I know there are a couple of 3rd party web application firewalls available which can do all this, but the question is: will the datacentre allow me to do this as a 3rd party service provider? If it doesn't allow it, then what are the other best options available for me?

-- 
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/
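Jamie's fourth point (keep an eye on the logs for hotlinking) as an added worked example, not code from the original thread or from either poster: a small Python script that reads Apache "combined"-format access log lines, keeps only requests for static assets, and counts those whose Referer points at a host you do not own. The log lines, the hostnames (example.com, examp1e-secure-login.test) and the list of asset extensions are constructed for the example; adjust OWN_HOSTS and IMAGE_EXT to your site.

```python
"""Added example (not from the original post): flag static-asset requests
whose Referer is a foreign host, i.e. another site embedding your images.
A phishing page that copies your login form often hotlinks your logo and
stylesheet, so these entries are an early warning in the access log."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed values for the example: hosts you serve and the assets worth watching.
OWN_HOSTS = {"example.com", "www.example.com"}
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".ico", ".svg", ".css")
SERVED_STATUS = {"200", "304"}   # only count assets actually delivered


def is_hotlink(referer, own_hosts=OWN_HOSTS):
    """True if the Referer names a host that is neither ours nor a subdomain of ours.

    An empty or "-" Referer is not evidence either way (direct requests,
    privacy settings), so it is deliberately not counted."""
    if referer in ("", "-"):
        return False
    host = urlsplit(referer).hostname
    if host is None:
        return False
    host = host.lower()
    return not any(host == h or host.endswith("." + h) for h in own_hosts)


def find_hotlinks(lines, own_hosts=OWN_HOSTS):
    """Return a Counter of foreign referer host -> number of asset requests."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # not a combined-format line; skip
        path = m.group("path").split("?", 1)[0].lower()
        if not path.endswith(IMAGE_EXT):
            continue                       # only static assets are of interest
        if m.group("status") not in SERVED_STATUS:
            continue
        ref = m.group("referer")
        if is_hotlink(ref, own_hosts):
            hits[urlsplit(ref).hostname.lower()] += 1
    return hits


# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Jan/2008:19:07:01 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 '
    '"http://www.example.com/login" "Mozilla/5.0"',
    '203.0.113.6 - - [22/Jan/2008:19:07:05 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 '
    '"http://examp1e-secure-login.test/index.php" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Jan/2008:19:07:09 +0000] "GET /css/site.css HTTP/1.1" 304 - '
    '"http://examp1e-secure-login.test/index.php" "Mozilla/5.0"',
    '203.0.113.8 - - [22/Jan/2008:19:07:12 +0000] "GET /login HTTP/1.1" 200 2048 '
    '"http://examp1e-secure-login.test/" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Jan/2008:19:07:15 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0"',
    '203.0.113.10 - - [22/Jan/2008:19:07:20 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 '
    '"http://static.example.com/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, n in find_hotlinks(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {host}")
```

On the sample above only examp1e-secure-login.test is reported (two asset requests); the /login page view, the request with no Referer and the request from the static.example.com subdomain are all ignored. Run it against a real log with `find_hotlinks(open("access.log"))` and treat any new foreign host that appears repeatedly as something to look at, bearing in mind that legitimate aggregators and search-result previews also hotlink.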
