Solved

Securing Web Application

Posted on 2009-07-06
2
358 Views
Last Modified: 2013-11-16
I'm going to open up my machine to the internet in order to use a web application remotely. Only authorized users whom I've assigned login credentials have access to the web app. Although a password authentication is required to sign in to the web app, the app itself may have serious security flaws and can be vulnerable to attacks. As I trust my clients, and not anyone else on the internet, I'm willing there should be a way to protect the web app from malicious attacks.

What do you suggest?

Does HTTPS have a mode with which I can disable the public key advertisement so that only those who are given the certificate and have it installed on their browser can communicate with the web server? Others who don't have the server's public key will have no way to attack the web application, since they can't even talk to the server. Is this possible or I'm just imagining ?

What else can I do ?
0
Comment
Question by:hoomanv
2 Comments
 
LVL 6

Accepted Solution

by:
jwenting earned 319 total points
ID: 24792253
The only way to do that reliably would be to allow access to the application only over a VPN tunnel.

With https everyone can still see the application, all it does is secure the communication between the server and client in order to thwart man in the middle attacks and data skimming attempts.

You could also rewrite the application to require client certificates in addition to other login credentials, but that would still expose at least the login screen to the outside world.
0
 
LVL 5

Expert Comment

by:KETTANEH
ID: 24857074
you have to secure your machine by keeping it updated, good anti-virus.
you should configure the firewall very well to ensure that you are blocking any unneeded port.

HTTPS usually used when you are transferring secured data (like passwords, visa ... ) otherwise it wont help you.

VPN is a good solution but incase your client are not that much... otherwise it will be another headache
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now