[WEB SECURITY] Securing a website

Ryan Barnett rcbarnett at gmail.com
Thu Jun 9 16:43:00 EDT 2005


I am assuming you are running Apache...  The Center for Internet
Security's Apache Benchmark is a great resource for Apache lockdown
procedures -
http://www.cisecurity.org/bench_apache.html

Beyond the basic web server security issues, there are a number of web
application security resources, depending on which type of web
application you are using, PHP, ASP, JAVA, etc...

Try - 
WASC Threat Classification - http://www.webappsec.org/projects/threat/
for an idea of the issues that may apply.

-- 
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC


On 6/9/05, Paul Ryan <pryan at rogers.wave.ca> wrote:
> All - I'm looking for a technical document for deploying a web server in a
> DMZ, I would like to make recommendations wrt the website implementation
> (i.e. web login, user grouping etc). The hardening portion of the actual box
> I have covered as it is a Unix server - just not sure of the best method for
> the web page security...
> 
> best regards,
> 
> Paul Ryan
> 
> 
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
> 
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
> 
>
