• No results found

Lec 22 Web App Security.pptx

N/A
N/A
Info
Download
Protected

Academic year: 2020

Share "Lec 22 Web App Security.pptx"

Copied!
16
0
0

Loading.... (view fulltext now)

Download now ( 16 Page )

Full text

(1)

1

CS428 Web Engineering

Lecture 22

Web Application Security

(2)

• Keep All Software Updated

• Build Layers of Security Around Your Site • Switch to HTTPS

• Use Strong Passwords, Change Regularly • Apply Strong Authorization

• Make Admin Directories Tough to Spot • Backup your Website

• Make your Data Entry Secure via Captcha Code

• Monitor your Website

(3)

• Ensure that every piece of software you run is up to date.

• CMS providers like WordPress, Joomla work round the clock trying to plug any holes in their systems and release regular patches and

updates that make their software less vulnerable to attacks.

• Ensure that you run these updates and have the latest version supporting your site at any given point in time.

(4)

• If your site uses third party plugins, keep track of their updates and ensure that

these are updated on time as well.

• Clean out your website of any unused, old and non-updated plugins

(5)

• Just as you lock your doors before leaving your house and install antivirus software on your desktop computer, make your website secure.

• A Web Application Firewall is that first line of defense. These solutions are designed to

inspect incoming traffic, provide and weed out malicious requests –- offering protection from SPAM, brute force attacks, SQL

Injections and Cross Site Scripting.

(6)

• Until just a few years ago, Web Application Firewalls were only available as hardware appliances, but today a few Security-as-a-service (SECaaS) providers are

revolutionizing the industry by using cloud technology to cut down prices of security

solutions previously found only in enterprise level setups.

(7)

• HTTPS or Hyper Text Transfer Protocol

Secure, is a secure communications protocol that is used to transfer sensitive information between a website and a web server.

• Moving your website to the HTTPS protocol essentially means adding an encryption layer of TLS (Transport Layer Security) or SSL

(Secure Sockets Layer) to your HTTP

making your users’ and your own data extra secure from hacking attempts.

(8)
(9)

• Brute force attacks that try guessing username

password combinations have multiplied at alarming rates over the last couple of years with thousands of attacks being detected on a daily basis across the web.

• Using strong passwords is an effective way to limit if not completely eliminate brute force and dictionary attacks. Strong passwords are not just a

requirement for your email or financial transactions online, they are also imperative for your website

server, admin and database passwords.

(10)

• Make sure your password is a combination of

alphanumeric characters, symbols, upper and lower case characters and is at least 12 characters long to prevent brute force attacks.

• Do not use the same password for all your different

website logins. Change your passwords regularly to

keep them doubly secure.

Use Password Encryption

– Store users’ passwords in encrypted form. This ensures

that even if there is a security breach, attackers do not get their hands on actual user passwords.

(11)

• A filtering mechanism that allows access to the client or server environment only by those individuals with appropriate authorization

codes(e.g., user ID and password)

• For all the data or pages you want to access by some specific resources or users, do apply authentication via username/password so that a specific user can access his own area.

(12)

• An ingenious way hackers gain access to your site’s data is by going straight to the source and hacking into your admin

directories.

• Hackers can use scripts that scan all the

directories on your web server for giveaway names like ‘admin’ or ‘login’ etc. and focus their energies on entering these folders to compromise your website’s security.

(13)

• Most popular CMS’s allow you to rename your admin folders to any name of your

choice. Pick innocuous sounding names for your admin folders that are known only to your webmasters to greatly reduce the

possibility of a potential breach.

• This is such a basic and easily avoidable hacking scenario, that it’s astonishing how millions of websites still ignore it.

(14)

• It goes without saying you should have routine

backups of your site. The rule of thumb is everything required to get the site running exactly as it was at the time of the backup should be included.

• That usually means the files, content and the

database. Backups should be stored off site or at

least not on the same computer as your web server. Finally, a backup is only useful if you can restore

your website. You should test your website restore process at least once a year and write up

instructions in case someone else needs to do it.

(15)

• A CAPTCHA (an acronym for "Completely Automated Public Turing test to tell

Computers and Humans Apart") is a type of challenge-response test used

in computing to determine whether or not the user is human to make your website secure from robots or spam attacks.

(16)

• You don’t want to find out that your site was defaced from a any source.

• You want to be the first to know about it. There are a lot of good tools for monitoring your site including some free ones like

http://www.uptimerobot.com and Google Analytics

• Be smart and use one. To help with those really difficult cases where your site was hacked but does not appear hacked, use Google Safe

browsing to detect the hidden malware on your page.

References

Download now ( PPTX - 16 Page - 205.43 KB )

Related documents

Course 10: Strategic Planning

Did the Strategic Plan produce the right results in regards to: Mission, Strengths, Weaknesses, Opportunities, Threats, Critical Issues, Identification of Competition, and Goals..

NeighborhoodInfo DC Fact Sheet

One out of every three (33.0 percent) home- purchase and refinance loans in Prince George’s County was issued by subprime lenders in 2005 (figure 1), and 44.0 percent were

Critical Capabilities and Performance of the Small Subcontracting Firms in the Aerospace Industry

Independent Variables $ $ 1 Organizational Characteristics: P Size P Export Performance Technological Capabilities: P R&D Intensity P Technological Penetration P

MAKE YOUR WEBSITE SAFE & SECURE

True Business ID certificates include the trusted site seal, support mobile browsers and are fully organization-validated, for a very reasonable price... MONTHLY

The genomic landscape of the verrucomicrobial methanotroph Methylacidiphilum fumariolicum SolV

The next rings (outside to inside) show: gene annotation, highlighting key biological pathways in colours; placement of the draft genome in respect to the final assembly; and

Channels produced by LGBT+ YouTubers: gender discourse analysis

2) What the main topics of LGBT+ channels are, and whether they are related to personal and life experience;.. 3) Whether their circumstance as LGBT+ YouTubers affects their

Body Image Among Older, Rural, African-American Women with Type 2 Diabetes

Normal to slim body im- ages as presented in a photographic array were selected as being more attractive, less likely to have diabetes and hypertension, healthier and to be

Strategies to Improve Final Year Nursing Students Confidence. Linh Drexler University of Windsor

This article looks at final year nursing students’ experiences and feelings of confidence and explores interventions, strategies, and programs that help maximize their confidence