Closed Web security

Status
Not open for further replies.

vortex78

Idols, how can I make my website secure? Is there a free firewall I can use to make the website more secure without affecting the website's speed?
 
Are you going to manage an entire server, or is it just a web app hosted on somebody else's server?

A firewall is just one aspect of securing a server. In fact, you might not need one as you are going to open your website to the world anyway. Unless you are going to cater only to a few geo IPs.

At the very fundamental level, you have to have a good grasp of filesystem access and ownership. Then you have to ask what sort of web apps are you going to run? Is it going to use CGI (php for example) and a database backend? What OS and web server is it? How much sysad experience do you have including database admin'ing?

In short, it is not easy.
 
As pointed out in the previous comment, web security is not a trivial task. It's not something you can apply and forget.

There are many things you need to consider when securing a website:
1. Enable HTTPS
2. Key rotations and policies
3. Scanning for vulnerabilities and applying updates.
4. Setting up process for monitoring suspicious activities
5. Backup policies and processes
6. Educating your end users.
7. Password management (should you even use passwords?)

If you can employ all these, then you are at least in a better state than not having them. Notice I didn't claim you'd be 100% safe or unhackable. But you will be way better off than having none of these.

I think one of the best pieces of advice I can give you is to subscribe to a security Twitter feed or blog so you'd be more informed of the latest threats and practices.

Check OWASP too.

Check Snyk's Vulnerability DB.

Use a penetration testing framework like Metasploit to test your web app.
 
Read about security and threats topics. There are a lot of factors affecting the security of a website. Nonetheless you would be applying some sort of things such as using certificates, an updated platform for your website, the use of HTTPS, parameterized queries (on your back-end scripts), file and directory permissions, the use of Content Security Policy to battle XSS, avoiding outdated protocol versions, etc. Just read about it and play with it on a dev machine and controlled environment.
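
The parameterized-query item from the post above, as an added example that is not part of the original thread. It uses Python's standard sqlite3 module with an in-memory database; the table, column names and input strings are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; the table and column names are hypothetical.
ROWS = [("alice", "alice@example.test"), ("o'brien", "ob@example.test")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return db

def lookup_concatenated(db, name):
    # Weak form: the input is pasted into the SQL text, so a quote
    # character in it changes the structure of the statement.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    # Corrected form: the SQL text is fixed and the value is bound
    # separately, so the input is only ever compared as data.
    return db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()

def demo():
    db = make_db()
    tampered = "nobody' OR '1'='1"  # constructed input containing quotes
    results = {
        "concat_tampered": len(lookup_concatenated(db, tampered)),
        "param_tampered": len(lookup_parameterized(db, tampered)),
        "param_apostrophe": lookup_parameterized(db, "o'brien"),
    }
    try:
        lookup_concatenated(db, "o'brien")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # A legitimate name with an apostrophe breaks the concatenated query.
        results["concat_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The concatenated lookup returns every row for the tampered input and fails outright on a legitimate name containing an apostrophe; the bound-parameter lookup handles both correctly.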
 