A list of valuable website security tips for website owners/developers and administrator. Updated requently http://www.websafe.ie/ www.websafe.ie Tue, 24 Feb 2011 11:20:00 GMT Sat, 01 Jan 2011 00:01:00 GMT One great service that the webmaster tools provides shows if Google has found any malicious code in the HTML markup that it indexes http://www.websafe.ie/Website-Security-Tips/?tip=Use-Google-Webmaster-Tools http://www.websafe.ie/Website-Security-Tips/?tip=Use-Google-Webmaster-Tools Wed, 02 Mar 2011 12:32:10 GMT If you do not have a Firewall already installed on your web server then this should be your first plan of action. http://www.websafe.ie/Website-Security-Tips/?tip=Install-a-Firewall http://www.websafe.ie/Website-Security-Tips/?tip=Install-a-Firewall Wed, 16 Feb 2011 12:23:10 GMT Ports on a web server listen and respond to specific services. Some of these services are necessary while others are not necessary and may increase the vulnerability of the web server. http://www.websafe.ie/Website-Security-Tips/?tip=Disable-Unnecessary-Services http://www.websafe.ie/Website-Security-Tips/?tip=Disable-Unnecessary-Services Tue, 31 Jan 2011 14:43:14 GMT If you do not have a Firewall already installed on your web server then this should be your first plan of action. protect yourself. http://www.websafe.ie/Website-Security-Tips/?tip=Install-a-Firewall http://www.websafe.ie/Website-Security-Tips/?tip=Install-a-Firewall Tue, 31 Jan 2011 10:41:54 GMT Allowing the user to specify different options while controlling their input, This means that the web developer now performs a lot more validation on the client machine(actual website interface) using JavaScript or similar. http://www.websafe.ie/Website-Security-Tips/?tip=Perform-Data-Validation-on-the-server-side http://www.websafe.ie/Website-Security-Tips/?tip=Perform-Data-Validation-on-the-server-side Tue, 30 Jan 2011 11:21:54 GMT Try and use only encrypted protocols such as SSH to access secure resources on the web server. Do not use protocols that have well known security flaws and use unencrypted clear text such as FTP and HTTP. Always try and connect from a secure server. http://www.websafe.ie/Website-Security-Tips/?tip=Do-not-use-clear-text-protocols http://www.websafe.ie/Website-Security-Tips/?tip=Do-not-use-clear-text-protocols Tue, 24 Jan 2011 11:41:00 GMT It is the upmost importance that the website displays a user friendly error message or page redirect stating the problem(s) in a informal manner. If you let the default web server engine or application engine allow detailed error messages then these messages will in almost all cases help attacker gain information about the infrastructure of your website. http://www.websafe.ie/Website-Security-Tips/?tip=Handling-Error-Handling http://www.websafe.ie/Website-Security-Tips/?tip=Handling-Error-Handling Tue, 18 Jan 2011 00:01:00 GMT It is the upmost importance that the website displays a user friendly error message or page redirect stating the problem(s) in a informal manner. If you let the default web server engine or application engine allow detailed error messages then these messages will in almost all cases help attacker gain information about the infrastructure of your website. http://www.websafe.ie/Website-Security-Tips/?tip=Handling-Error-Handling http://www.websafe.ie/Website-Security-Tips/?tip=Handling-Error-Handling Tue, 18 Jan 2011 00:01:00 GMT The Apache web server which is used by most website hosting providers uses a file named .htaccess to configure access settings for internal directories on a website. By allowing access to this file either direct amendment or allowing uploaded files to overwrite it will result in a complete overtake of your website. http://www.websafe.ie/Website-Security-Tips/?tip=Apache–Hide-the-htaccess-file http://www.websafe.ie/Website-Security-Tips/?tip=Apache–Hide-the-htaccess-file Tue, 15 Jan 2011 00:01:00 GMT Large corporations may seem like a good bet when looking for cheap website hosting, this is typically true. But unless you are dealing with the likes of Dell then it is best to choose a hosting provider that specifically deals with website hosting http://www.websafe.ie/Website-Security-Tips/?tip=Stay-Clear-of-Bulky-Hosting-Providers http://www.websafe.ie/Website-Security-Tips/?tip=Stay-Clear-of-Bulky-Hosting-Providers Tue, 11 Jan 2011 00:01:00 GMT The strength of a password is very important. Making a password to strong will discourage your websites usage. Depending on the importance scale of your website and the information it holds you will need to choose the right password strength policy. http://www.websafe.ie/Website-Security-Tips/?tip=Strong-User-Friendly-Password-Policy http://www.websafe.ie/Website-Security-Tips/?tip=Strong-User-Friendly-Password-Policy Tue, 07 Jan 2011 00:01:00 GMT Always having a fresh copy of the website and its information means that if there is an attack, successful or otherwise, getting the website backup and as unaffected as possible is less painful. Keep up to date and secure. http://www.websafe.ie/Website-Security-Tips/?tip=Always-and-I-mean-Always-Backup-your-website http://www.websafe.ie/Website-Security-Tips/?tip=Always-and-I-mean-Always-Backup-your-website Tue, 06 Jan 2011 00:01:00 GMT When a website creator/developer is working on a website, 99% of the time they are working from a local machine or a staging machine, sometimes both. It is up to the developer to keep these isolated machines free of software infections which may infect the website source files. These infected files could then be uploaded to the live web server. http://www.websafe.ie/Website-Security-Tips/?tip=Website-Developers-Protect-your-IDE http://www.websafe.ie/Website-Security-Tips/?tip=Website-Developers-Protect-your-IDE Tue, 05 Jan 2011 00:01:00 GMT It is not highlighted enough the fact that a website hosting environment is in fact a standard machine with a specific operating system and hardware designed for large data processing. Therefore it is just as important to have anti-virus installed and up to date on your website hosting machine. http://www.websafe.ie/Website-Security-Tips/?tip=Free-Web-Server-Anti-Virus-Software http://www.websafe.ie/Website-Security-Tips/?tip=Free-Web-Server-Anti-Virus-Software Tue, 04 Jan 2011 00:01:00 GMT When building websites with Microsoft’s ASP.NET platform then you will be familiar with the web.config file. This file is the most important file as it usually contains the database connection strings, application keys and file versions used and any other additional information universal to the website. http://www.websafe.ie/Website-Security-Tips/?tip=ASP.NET-web-config-encryption http://www.websafe.ie/Website-Security-Tips/?tip=ASP.NET-web-config-encryption Tue, 03 Jan 2011 00:01:00 GMT Allowing the Remote Desktop open on a web server without the use of a VPN(virtual protected network) schema is a security flaw in itself. It is important to protect your remote desktop access. Using account lockout policy. http://www.websafe.ie/Website-Security-Tips/?tip=Protect-Remote-Desktop-Connections http://www.websafe.ie/Website-Security-Tips/?tip=Protect-Remote-Desktop-Connections Tue, 02 Jan 2011 00:01:00 GMT Showing terms of trust allows website visitors to feel secured in the knowledge that a specialized third party company has verified your website. You can show this by displaying the trust seal provided by these companies. http://www.websafe.ie/Website-Security-Tips/?tip=Display-Trust-Marks http://www.websafe.ie/Website-Security-Tips/?tip=Display-Trust-Marks Tue, 01 Jan 2011 00:01:00 GMT