Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: web application security

from [Jamie Riden] Network Security [Permanent Link]
Subject: Re: web application security
Date: Tue, 22 Jan 2008 19:07:01 +0000 
IMHO:

* code audit
* mod_security for your app.
* publish an SPF record if you're sending email
* keep an eye on the logs for "hotlinking" - e.g. a phishing site
linking your images directly.

In general you can't stop phishing attacks because your site will not
be involved. A user will be going to the blackhat's site and entering
their details - nowhere near your server.

Presumably you have an HTTPS cert? But few people check them unfortunately.

(You might do better asking on the securityfocus webappsec list.)

cheers,
 Jamie

On 22 Jan 2008 06:37:37 -0000, mahendra_yn@yahoo.com
<mahendra_yn@yahoo.com> wrote:

Hi all,

I need to harden a web application which is hosted in a datacentre.I need to 
monitor the webapplication 24/7.I also need to ensure that there would be no 
phising attacks on this website,I know there are a couple of 3rd party web 
application firewalls available which can do all this,but the question is 
will the datacentre allow me to do this-as a 3rd party service provider?if it 
doesnt allow then what are the other best options available for me.


-- 
Jamie Riden / jamesr@europe.com / jamie@honeynet.org.uk
UK Honeynet Project: http://www.ukhoneynet.org/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: http TRACE option, Alexander Bondarenko
Next by Date:  RE: Thoughts of the paranoid on the call centre security., Gadi Evron
Previous by Thread:  web application security, mahendra_yn
Next by Thread:  Question re: load balancers as a security device, dan . tesch
Indexes:  [Date] [Thread] [Top] [All Lists]