All
All

Guide to Website Security

256 KB | 3 files |  PDF

Basic guidelines that can be applied to websites to reduce the attack surface or mitigate the effects of a compromise.

Every community organization, corporation, business, or government agency relies on an outward-facing website to provide information about themselves, announce an event, or sell a product or service. Consequently, public facing websites are often the most targeted attack vectors for malicious activity. Web server attacks include:

  • Exploitation of software bugs in the Web server
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks
  • Compromising "backend" data through command injection attacks, such as Structured Query Language (SQL) injection; Lightweight Directory Access Protocol (LDAP) injection; and cross-site scripting (XSS)
  • Website defacement for malicious purposes
  • Using compromised Web server capabilities to attack external entities
  • Using a compromised Web server to distribute malware.

There are a number of challenges associated with securing a Web server because not only does the operating system need to be secured but so do the associated Web applications and services running on the device. One of the most difficult aspects is often keeping abreast of new and emerging vulnerabilities to both the Operating system and the Web applications as well as keeping those systems patched and up to date.

This TIP provides basic guidelines and security safeguard concepts that can be applied to public facing websites to reduce the attack surface area or mitigate the effects of a compromise.

The attached zip file includes:

  • Intro Page.pdf
  • Terms and Conditions.pdf
  • WebsiteSecurity.pdf
IT Downloads help you save time and money while executing essential IT management tasks. Download this useful resource now and put it to work for your business.
Related IT Downloads

Misc43 Guidelines for Smart Grid Cybersecurity

This three-volume report presents an analytical framework that organizations can use to develop effective cybersecurity strategies tailored to their particular combinations of smart grid-related characteristics, risks, and vulnerabilities. ...  More >>

Money3 PCI Compliance: The Definitive Guide

In this excerpt from chapter 20, the author briefly discusses the challenges and success factors that the organization must be aware of to maintain compliance and achieve optimum information security for the enterprise. ...  More >>

Approximate Matching: Definition and Terminology

Approximate matching is a promising technology designed to identify similarities between two digital artifacts. This can be very useful for filtering data for security monitoring and digital forensics. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data