Computer security Question:
What are the most important steps you would recommend for securing a new web server? Web application?
Answer:
Note: Goal of question – Once again, there is no right or wrong answer, however we are interested in what the applicant views as important.
Web Server Security:
· Update/Patch the web server software
· Minimize the server functionality – disable extra modules
· Delete default data/scripts
· Increase logging verboseness
· Update Permissions/Ownership of files
Web Application Security:
· Make sure Input Validation is enforced within the code - Security QA testing
· Configured to display generic error messages
· Implement a software security policy
· Remove or protect hidden files and directories
Web Server Security:
· Update/Patch the web server software
· Minimize the server functionality – disable extra modules
· Delete default data/scripts
· Increase logging verboseness
· Update Permissions/Ownership of files
Web Application Security:
· Make sure Input Validation is enforced within the code - Security QA testing
· Configured to display generic error messages
· Implement a software security policy
· Remove or protect hidden files and directories
| Previous Question | Next Question |
| What do you see as challenges to successfully deploying/monitoring web intrusion detection? | What are some examples of you how you would attempt to gain access? |