Securing 3rd Party Website Applications
Moderator: General Moderators
Securing 3rd Party Website Applications
What are some best practices for securing 3rd party website applications? e.g. Besides using strong passwords, ensuring you have the latest version.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Securing 3rd Party Website Applications
It would be quite simple to run a couple of vulnerability scanners against these software. You could also check online vulnerability databases (and google) for known vulnerabilities of your web applications. If you want to be sure, you would need to get someone to evaluate the actual code, but that will take time and money, though. Also, taking a look at the history of these applications in terms of security will likely give you an idea of the overall security and what to expect in the future.Benjamin wrote:What are some best practices for securing 3rd party website applications?
Some developers also offer a feed to get informed of the latest security problems of their software.
Re: Securing 3rd Party Website Applications
What are your thoughts on ModSecurity?
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Securing 3rd Party Website Applications
Well, think of having a software desktop firewall. While it blocks some attacks that would have been successful otherwise, it is not a guarantee of a secure system mostly because certain attacks rely on business logic failure or are just new. I think it is a good idea to use it if you are on Apache HTTPD and you do not notice any performance impact.