Securing Web Application

I'm going to open up my machine to the internet in order to use a web application remotely. Only authorized users whom I've assigned login credentials have access to the web app. Although a password authentication is required to sign in to the web app, the app itself may have serious security flaws and can be vulnerable to attacks. As I trust my clients, and not anyone else on the internet, I'm willing there should be a way to protect the web app from malicious attacks.

What do you suggest?

Does HTTPS have a mode with which I can disable the public key advertisement so that only those who are given the certificate and have it installed on their browser can communicate with the web server? Others who don't have the server's public key will have no way to attack the web application, since they can't even talk to the server. Is this possible or I'm just imagining ?

What else can I do ?
LVL 14
hoomanvAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jwentingCommented:
The only way to do that reliably would be to allow access to the application only over a VPN tunnel.

With https everyone can still see the application, all it does is secure the communication between the server and client in order to thwart man in the middle attacks and data skimming attempts.

You could also rewrite the application to require client certificates in addition to other login credentials, but that would still expose at least the login screen to the outside world.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
KETTANEHCommented:
you have to secure your machine by keeping it updated, good anti-virus.
you should configure the firewall very well to ensure that you are blocking any unneeded port.

HTTPS usually used when you are transferring secured data (like passwords, visa ... ) otherwise it wont help you.

VPN is a good solution but incase your client are not that much... otherwise it will be another headache
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.