[WEB SECURITY] Securing a website

Jeremiah Grossman jeremiah at whitehatsec.com
Thu Jun 9 16:33:37 EDT 2005


I've been recommending the Payment Card Industry (PCI) Data Security
Standard, jointly developed by Visa and MasterCard. The documentation
includes all the essential guidelines and even an audit program.
Simply substitute "cardholder data" with whatever you're protecting and
slice out anything you don't need.

Here are some relevant links:
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html

http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_training_tools.html?it=l2|/business/accepting_visa/ops_risk_management/cisp%2Ehtml|Training%20and%20Tools

Jeremiah-



On Thursday, June 9, 2005, at 01:01  PM, Paul Ryan wrote:

> All - I'm looking for a technical document for deploying a web server
> in a DMZ. I would like to make recommendations wrt to the website
> implementation (i.e. web login, user grouping etc). The hardening
> portion of the actual box I have covered as it is a Unix server - just
> not sure of the best method for the web page security...
>
> best regards,
>
> Paul Ryan
>
>
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
>

