March 20th, 2008, 12:13 PM
|
 |
Crypto-Con
|
|
Join Date: Apr 2004
Location: UC Davis
|
|
|
I assume you already have https enabled? Beyond that, there are a couple of things:
You need to ensure the webpage was designed securely, ie, the code of the backend language that manages your database etc isn't vulnerable to injections, etc. The guy who wrote your webpage to begin with might be a good person to start with.
You need to ensure your web server software is configured correctly. If you use Apache, you need to ensure that you have the latest security patches, that you do not have bad configurations, etc. For this you need someone with expertise with your specific server software.
You need to ensure that your web server, the machine itself, is secure. Ensure it has the latest security patches, there are no extra services running that a hacker could exploit, you have permissions and configurations set up properly, etc. For this you need someone with expertise with your OS (Linux, Windows, OpenBSD etc).
Sorry, there are no "do X and Y" steps to give, you just need a trained eye to evaluate those three aspects of your web service and comb them over.
__________________
- "Cryptographically secure linear feedback shift register based stream ciphers" -- a phrase that'll get any party started.
- Why know the ordinary when you can understand the extraordinary?
  
- Sponsor my caffeine addiction! (36.70 USD recieved so far -- Latest donor: Mark Foxvog)
|
Dev Shed Forums Sponsor:
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
