Solved

Securing Web Application

Posted on 2009-07-06
Last Modified: 2013-11-16
I'm going to open up my machine to the internet in order to use a web application remotely. Only authorized users to whom I've assigned login credentials have access to the web app. Although password authentication is required to sign in to the web app, the app itself may have serious security flaws and can be vulnerable to attacks. As I trust my clients, and not anyone else on the internet, I would like there to be a way to protect the web app from malicious attacks.

What do you suggest?

Does HTTPS have a mode with which I can disable the public key advertisement so that only those who are given the certificate and have it installed on their browser can communicate with the web server? Others who don't have the server's public key will have no way to attack the web application, since they can't even talk to the server. Is this possible, or am I just imagining?

What else can I do?
Question by:hoomanv
Accepted Solution

by: jwenting earned 319 total points
ID: 24792253
The only way to do that reliably would be to allow access to the application only over a VPN tunnel.

With HTTPS, everyone can still see the application; all it does is secure the communication between the server and client in order to thwart man-in-the-middle attacks and data skimming attempts.

You could also rewrite the application to require client certificates in addition to other login credentials, but that would still expose at least the login screen to the outside world.
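
Added example, not part of the original thread: the client-certificate requirement mentioned in the answer above, enforced in an nginx reverse proxy placed in front of the app rather than in the app itself. Using nginx as the front end, the hostname, the file paths, the backend address and the VPN address are all assumptions.

```nginx
# Added example; hostnames, paths and addresses are placeholders (assumptions).
# Reverse proxy in front of the web app: only clients presenting a certificate
# signed by your own private CA are forwarded to the application.

server {
    # HTTPS only; the app is never published on plain HTTP.
    # VPN-only variant: bind to the VPN interface address instead,
    # e.g. "listen 10.8.0.1:443 ssl;" (constructed address).
    listen 443 ssl;
    server_name app.example.com;                           # placeholder

    # The server's own certificate and key.
    ssl_certificate     /etc/nginx/tls/server.crt;         # placeholder path
    ssl_certificate_key /etc/nginx/tls/server.key;         # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client-certificate check: trust only the private CA that issued
    # the certificates handed to authorized users.
    ssl_client_certificate /etc/nginx/tls/clients-ca.crt;  # placeholder path
    ssl_verify_client      on;   # "optional" or "off" would let anyone through
    ssl_verify_depth       1;

    # Revocation list, so one user's certificate can be withdrawn
    # without reissuing the others.
    ssl_crl /etc/nginx/tls/clients-ca.crl;                 # placeholder path

    location / {
        # The app listens on loopback only, so the proxy is the sole way in.
        proxy_pass http://127.0.0.1:8080;                  # placeholder backend

        # Pass the verified identity to the app for logging or authorization.
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
        proxy_set_header X-Client-Verify $ssl_client_verify;
    }
}
```

With this in place, a request that arrives without a valid client certificate is answered by nginx with an error and is never proxied to the application; the app's password login still applies to clients that do present one.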

Expert Comment

by:KETTANEH
ID: 24857074
You have to secure your machine by keeping it updated and running a good anti-virus.
You should configure the firewall very well to ensure that you are blocking any unneeded port.

HTTPS is usually used when you are transferring secured data (like passwords, visa ...); otherwise it won't help you.

VPN is a good solution, but in case your clients are not that many... otherwise it will be another headache.