help me to protect my WEBSITE ?

<<

iosoft

Newbie

Posts: 1

Joined: Sun Aug 17, 2008 1:29 pm

Post Sun Aug 17, 2008 1:33 pm

help me to protect my WEBSITE ?

Friends,

Can you please give me some kind of 'check list' to protect my website running on Linux+Apache+PHP+MySQL.

Thanks in advance.
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sun Aug 17, 2008 3:53 pm

Re: help me to protect my WEBSITE ?

iosoft,

That is one seriously open-ended question.

Standard advice of Google applies (It always does....)

OnLAMP is a good resource, of specific interest will be articles in the security section.

As for a checklist, there is only one universal rule:
Patch your vulns before the other guy exploits them....


;) Good luck out there.
<<

jimbob

Post Mon Aug 18, 2008 7:50 am

Re: help me to protect my WEBSITE ?

iosoft wrote: Can you please give me some kind of 'check list' to protect my website running on Linux+Apache+PHP+MySQL.

Perhaps just as important is making sure your PHP applications are secure. If you are writing one yourself, check out some of the information on the web regarding secure PHP programming. If you're using one of the many popular PHP applications such as phpBB, Joomla, Drupal etc. make sure you have the latest version. There are automated scripts which actively seek out and exploit security holes in many of these packages.

With most OSS software there is a mailing list you can subscribe to which will send you security bulletins when a new version is released. This way you can stay in touch with what's going on and get alerted when a new update is available.

Don't forget pro-active steps like ensuring you back up your data and content.

Regards,
Jimbob
<<

only_samurai

Newbie

Posts: 6

Joined: Tue Aug 12, 2008 3:40 pm

Post Mon Aug 18, 2008 4:06 pm

Re: help me to protect my WEBSITE ?

You can run a vulnerability assessment on your own site with tools like Grendel-Scan (open sourced and free :D )

In order to secure the site, you should be validating ALL inputs. Now, what does that mean exactly? It's a very wide range of sanity checking. If it's going into the database, SQL syntax keywords and characters need to be watched very closely (things like: ' " OR = /* # -- and even words like UPDATE, DECLARE, CAST can be dangerous). For simple XSS attacks, running the input through htmlentities() is generally a pretty safe methodology.

There are far more things to do than this, however; it would take ages to write out a 'full' list.
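
One way to apply the two points in the post above (sanity-checking input bound for the database, and htmlentities() on output), shown as an added example that is not part of the original thread. It uses PDO prepared statements, which the post does not mention, to keep the listed SQL characters from being parsed as SQL; the table, column and function names are hypothetical, and in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
declare(strict_types=1);

// Added example: names below are hypothetical. SQLite in memory is an
// assumption for offline use; the PDO calls are the same with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Sanity check: accept only input that fits the expected shape.
function validAuthor(string $author): bool
{
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $author) === 1;
}

// Bound parameters travel separately from the SQL text, so quotes,
// comment markers and keywords in $body are stored as plain data.
function addComment(PDO $db, string $author, string $body): bool
{
    if (!validAuthor($author) || $body === '' || strlen($body) > 2000) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    return $stmt->execute([':author' => $author, ':body' => $body]);
}

// Encode on output so stored markup is displayed as text, not interpreted.
function renderComments(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        $html .= '<p><b>' . htmlentities($row['author'], ENT_QUOTES, 'UTF-8') . '</b>: '
               . htmlentities($row['body'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Constructed sample inputs containing the characters the post lists.
// The first author name falls outside the allowed character set.
var_dump(addComment($db, "bob' OR 1=1 --", 'hello'));
// The second body mixes quotes, SQL comment markers and HTML tags.
var_dump(addComment($db, 'alice', "it's <b>bold</b> /* # -- */"));
echo renderComments($db);
```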
<<

dalepearson

Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Mon Aug 18, 2008 4:23 pm

Re: help me to protect my WEBSITE ?

I wasn't at Defcon 16 but I did get a copy of the CD they handed out, and I saw the one on Grendel-Scan and it looks good and is on my never-ending list of things to look at.

Here is the link for various OS downloads - http://grendel-scan.com/download.htm
<<

geekyone

Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Mon Aug 18, 2008 4:26 pm

Re: help me to protect my WEBSITE ?

You can find some good checklists to secure your server and applications here: http://www.cisecurity.org/. Most of the controls they recommend you won't be able to implement unless you own the servers that are hosting your website. Good Luck!
CISSP, CEH, GPEN, GCIH, GCFA
