Books about web security

2017-Jul-24, 04:20 AM
Our website in the office has weak security. It is more susceptible to a network attack and makes it likely that we will lose important data. Do you know any book about web security, or references on how to secure web applications?

2017-Jul-24, 09:27 AM
You'll need more than one book. Start browsing the O'Reilly catalogue. Also, if the apps you're running go to a database, make sure you both filter the user input (see https://xkcd.com/327/) and have database triggers in place.

Security is at least four pieces: preventing intrusion, minimizing damage (and firewalls), being aware of intrusions, and continuing to operate. The last may mean that you need to be able to literally pull the plug on the modem and remain operational.

Oh, and backup everything off site.

If your data are valuable enough, like medical records which must be very tightly guarded, get good encryption software and encrypt everything in transit. The other point is that many security breaches are by insiders, users and sysadmins. Minimize the people who have administrative access and don't give one person admin access to everything: your DBA doesn't need to be your Web admin.
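The "filter the user input" advice above refers to the SQL injection in the linked xkcd strip. The following is an added example, not code from either poster, showing the unsafe string-splicing pattern next to the hardened parameterized form, run against a constructed in-memory SQLite table so it works offline; the `students` table and the `BOBBY` input are constructed sample data.

```python
import sqlite3

# Constructed sample input, the same shape as the name in the linked xkcd strip.
BOBBY = "Robert'); DROP TABLE students;--"


def _fresh_db() -> sqlite3.Connection:
    """Throwaway in-memory database with one 'students' table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute("INSERT INTO students (name) VALUES ('Alice')")
    conn.commit()
    return conn


def insert_unsafe(conn: sqlite3.Connection, name: str) -> None:
    """The pattern the reply warns against: user input spliced into the SQL text."""
    sql = f"INSERT INTO students (name) VALUES ('{name}')"
    # executescript runs every statement in the string, as many database
    # drivers and stored-procedure interfaces do; the quote in the input
    # closes the string literal and the rest becomes live SQL.
    conn.executescript(sql)


def insert_safe(conn: sqlite3.Connection, name: str) -> None:
    """Hardened form: a parameterized query. The value travels as data, never as SQL."""
    conn.execute("INSERT INTO students (name) VALUES (?)", (name,))


def table_exists(conn: sqlite3.Connection) -> bool:
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name='students'"
    ).fetchone()
    return row is not None


def student_names(conn: sqlite3.Connection) -> list:
    return [r[0] for r in conn.execute("SELECT name FROM students ORDER BY id")]


def demo_unsafe() -> bool:
    """Returns whether the table survived the unsafe insert (it does not)."""
    conn = _fresh_db()
    insert_unsafe(conn, BOBBY)
    return table_exists(conn)  # False: the table was dropped


def demo_safe() -> list:
    """Returns the rows after the safe insert: the odd name is stored verbatim."""
    conn = _fresh_db()
    insert_safe(conn, BOBBY)
    return student_names(conn)  # ['Alice', "Robert'); DROP TABLE students;--"]
```

Parameterization is the fix to reach for first; input filtering on top of it is defense in depth, and the triggers mentioned in the reply can enforce invariants that a bad query would otherwise violate.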