Securing Wordpress
Wordpress
Make sure you keep Wordpress and it's plugins updated. Since version 3.7, WordPress has featured automatic updates. Use this functionality to ease the process of keeping up to date. , if you you do not want to deal with this there...
Create a Web Application Security Blueprint
Create a Web Application Security Blueprint
You can’t hope to stay on top of web application security best practices without having a plan in place for doing so. All too often, companies take a disorganized approach to the situation and end up accomplishing next to nothing. Sit down with your IT security team to develop a detailed, actionable web application security plan. It should outline your...
Perform an Inventory of Your Web Applications
Perform an Inventory of Your Web Applications
Organized as though you think your company may be, you probably don’t have a very clear idea about which applications it relies on on a daily basis. In fact, most organizations have many rogue applications running at any given time and never notice them until something goes wrong. You can’t hope to maintain effective web application security withou...
Prioritize Your Web Applications
Prioritize Your Web Applications
After completing the inventory of your existing web applications, sorting them in order of priority is the logical next step. You may doubt it now, but your list is likely to be very long. Without prioritizing which applications to focus on first, you will struggle to make any meaningful progress.
Sort the applications into th...
Prioritize Vulnerabilities
Prioritize Vulnerabilities
As you work through the list of web applications prior to testing them, you need to decide which vulnerabilities are worth eliminating and which aren’t too worrisome. The fact of the matter is that most web applications have many vulnerabilities. For instance, take a look Sucuri's Q2 hacked websites report which analyzed 9000 infected websites and categorized them by p...
Run Applications Using the Fewest Privileges Possible
Run Applications Using the Fewest Privileges Possible
Even after all of your web applications have been assessed, tested and purged of the most problematic vulnerabilities, you aren’t in the clear. Every web application has specific privileges on both local and remote computers. These privileges can and should be adjusted to enhance security.
Always use the...
Have Protection In Place During the Interim
Have Protection In Place During the Interim
Even if you run a small and fairly simple organization, it may take weeks - or even months - to get through the list of web applications and to make the necessary changes. During that time, your business may be more vulnerable to attacks. Therefore, it is crucial to have other protections in place in the meantime to avoid major problems. For this you hav...
Use Cookies Securely
Use Cookies Securely
Another area that many organizations don’t think about when addressing web application security best practices is the use of cookies. Cookies are incredibly convenient for businesses and users alike. They allow users to be remembered by sites that they visit so that future visits are faster and, in many cases, more personalized. However, cookies can also be manipulated by ha...
Implement the Following Web Security Suggestions
Implement the Following Web Security Suggestions
Besides what we’ve already outlined in this post, there are a few other more “immediate” web application security suggestions that you can implement as a website or business owner. To learn more about each suggestion below, read the dedicated article pertaining to that topic and see if implementing each security enhancement is beneficial for y...
Conduct Web Application Security Awareness Training
Conduct Web Application Security Awareness Training
If you run a company, chances are that only certain people within your organization have a decent grasp of the importance of web application security and how it works. The majority of users have only the most basic understanding of the issue, and this can make them careless. This is also problematic because uneducated users fail to identify secur...