need to write up security document
Posted: Thu May 18, 2006 8:30 am
I'm currently working on a major app for one of my clients, and security testing has been brought up... here's what I've identified as potential problems, hoping I can get some more knowledgeable folks to point out areas I've missed
besides the obvious (physical location of server, security holes in the Apache version we're using (if any)), the server being prone to DoS attacks ... we have the MySQL port dropped on the firewall so only access from localhost, and SSH has a diff port #
we have the following potential threats with the actual app:
-Unanticipated navigation path
-session hijacks
-SQL injection
-post/get tamperage to gain a diff role (admin, etc)
-Man-in-the-middle packet interception
anything else?
thanks