Solved

Securing Web Application

Posted on 2009-07-06
Last Modified: 2013-11-16
I'm going to open up my machine to the internet in order to use a web application remotely. Only authorized users to whom I've assigned login credentials have access to the web app. Although password authentication is required to sign in to the web app, the app itself may have serious security flaws and can be vulnerable to attacks. As I trust my clients, and not anyone else on the internet, I'd like a way to protect the web app from malicious attacks.

What do you suggest?

Does HTTPS have a mode with which I can disable the public key advertisement so that only those who are given the certificate and have it installed in their browser can communicate with the web server? Others who don't have the server's public key will have no way to attack the web application, since they can't even talk to the server. Is this possible, or am I just imagining it?

What else can I do?
Question by:hoomanv
2 Comments

Accepted Solution

by: jwenting (earned 957 total points)
ID: 24792253
The only way to do that reliably would be to allow access to the application only over a VPN tunnel.

With HTTPS everyone can still see the application; all it does is secure the communication between the server and client in order to thwart man-in-the-middle attacks and data skimming attempts.

You could also rewrite the application to require client certificates in addition to other login credentials, but that would still expose at least the login screen to the outside world.
0
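The client-certificate option mentioned in the accepted answer, enforced at the TLS layer, as an added example (not code from this thread or its posters): a Python standard-library HTTPS server that refuses the handshake unless the client's certificate was issued by your own CA, then checks the certificate's CN against an allow-list. The file arguments, port 8443 and the CN names are assumptions.

```python
import ssl
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample: subject CNs of the client certificates you issued.
ALLOWED_CNS = {"alice", "bob"}


def make_server_context(server_cert, server_key, client_ca):
    """TLS context that aborts the handshake unless the client presents a
    certificate signed by client_ca (your own private CA, not a public one)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(server_cert, server_key)
    ctx.load_verify_locations(cafile=client_ca)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def client_common_name(peercert):
    """Return the subject CN from the dict given by SSLSocket.getpeercert()."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def is_authorized(peercert, allowed=ALLOWED_CNS):
    return client_common_name(peercert) in allowed


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # The handshake already proved the cert chains to our CA; this check
        # lets one issued cert be dropped by removing its CN from the list.
        ok = is_authorized(self.connection.getpeercert())
        self.send_response(200 if ok else 403)
        self.end_headers()
        self.wfile.write(b"login page\n" if ok else b"forbidden\n")


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: mtls_server.py SERVER_CERT SERVER_KEY CLIENT_CA")
    httpd = HTTPServer(("0.0.0.0", 8443), Handler)  # port is an assumption
    ctx = make_server_context(*sys.argv[1:])
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()
```

The application's own password login still runs after this check, so a stolen certificate alone does not grant access.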

Expert Comment

by:KETTANEH
ID: 24857074
You have to secure your machine by keeping it updated and using a good anti-virus.
You should configure the firewall very well to ensure that you are blocking any unneeded port.

HTTPS is usually used when you are transferring secured data (like passwords, visa ...); otherwise it won't help you.

VPN is a good solution, but in case your clients are not that many... otherwise it will be another headache.