Web Security

Some resources and notes regarding Web Application security:

Resources

Securing the Desktop

The first stage must surely be to protect the machines we're working from. A good first step is to enable OpenDNS on your machine or, if you are on a home network, on your router so that it covers all machines on the network. Within the settings for your network on OpenDNS, block access to top-level domains commonly associated with malware, such as .ru, .cn and .nu, unless you are likely to want to visit sites in those domains.

Setting up SSL on a Web Server

If you're running a home web server, you'll want to consider enabling SSL on it. This causes all traffic between the browser and the server to be encrypted when the HTTPS protocol is used. Combined with a login system employing salted password hashes, this will make your server reasonably safe. One note though: if you don't purchase an SSL certificate, your visitors will be warned that the certificate is untrusted when they visit your site using HTTPS. Saving the hundred dollars or so may well be worth that inconvenience. Users can tell the browser to accept the certificate as valid to stop the warnings.

This article gives a very good guide to the process of getting this set up on your server:

http://www3.ntu.edu.sg/home/ehchua/programming/howto/WampServer_HowTo.html