[WEB SECURITY] Securing a website

Code Freak securesauce at gmail.com
Thu Jun 9 16:28:29 EDT 2005


On 6/9/05, Paul Ryan <pryan at rogers.wave.ca> wrote:
> All - I'm looking for a technical document for deploying a web server in a
> DMZ, I would like to make recommendation wrt to the website implementation
> (i.e web login, user grouping etc). The hardening portion of the actual box
> I have covered as it is a Unix server - just not sure of the best method for
> the web page security...

It's a little outdated, but check out 

NIST special publication  (SP) 800-44 
Guidelines on Securing Public Web Servers,
September 2002

Here:

http://csrc.nist.gov/publications/nistpubs/

There are some other good security documents on that page as well.

rjf&

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list