Securing Web Application

Posted on 2009-07-06
Last Modified: 2013-11-16
I'm going to open up my machine to the internet in order to use a web application remotely. Only authorized users whom I've assigned login credentials have access to the web app. Although a password authentication is required to sign in to the web app, the app itself may have serious security flaws and can be vulnerable to attacks. As I trust my clients, and not anyone else on the internet, I'm willing there should be a way to protect the web app from malicious attacks.

What do you suggest?

Does HTTPS have a mode with which I can disable the public key advertisement so that only those who are given the certificate and have it installed on their browser can communicate with the web server? Others who don't have the server's public key will have no way to attack the web application, since they can't even talk to the server. Is this possible, or am I just imagining it?

What else can I do?
Question by:hoomanv
Accepted Solution

by: jwenting earned 319 total points
ID: 24792253
The only way to do that reliably would be to allow access to the application only over a VPN tunnel.

With HTTPS everyone can still see the application; all it does is secure the communication between the server and client in order to thwart man-in-the-middle attacks and data skimming attempts.

You could also rewrite the application to require client certificates in addition to other login credentials, but that would still expose at least the login screen to the outside world.

Expert Comment

by:KETTANEH
ID: 24857074
You have to secure your machine by keeping it updated and using a good anti-virus.
You should configure the firewall very well to ensure that you are blocking any unneeded ports.

HTTPS is usually used when you are transferring secured data (like passwords, visa ...); otherwise it won't help you.

VPN is a good solution, but in case your clients are not that many... otherwise it will be another headache.
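
The client-certificate idea from the question and the accepted answer, shown at the TLS layer as an added example that is not part of the original thread: the listener refuses the handshake unless the client presents the expected certificate, so a request without it never reaches the application. Assumptions: Go's `httptest` server stands in for the web app, `selfSigned`, `probe` and `client.test` are hypothetical names, and one self-signed client certificate is pinned where a real deployment would normally trust a CA that issues the client certificates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// selfSigned builds a constructed one-hour client certificate (hypothetical name, test use only).
func selfSigned(cn string) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// probe makes one HTTPS request to a stand-in app; a non-nil allowed pins the only client cert accepted.
func probe(allowed *x509.Certificate, client ...tls.Certificate) (int, error) {
	ts := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	if allowed != nil {
		pool := x509.NewCertPool()
		pool.AddCert(allowed)
		ts.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	}
	ts.StartTLS()
	defer ts.Close()
	ts.Client().Transport.(*http.Transport).TLSClientConfig.Certificates = client
	resp, err := ts.Client().Get(ts.URL)
	if err != nil {
		return 0, err // handshake refused: the request never reached the handler
	}
	return resp.StatusCode, resp.Body.Close()
}

func main() {
	own := selfSigned("client.test")
	fmt.Println(probe(nil))           // HTTPS only: anyone reaches the app
	fmt.Println(probe(own.Leaf))      // client cert required, none offered
	fmt.Println(probe(own.Leaf, own)) // client cert required, pinned cert offered
}
```

The listener itself stays reachable in every case, so the TLS stack and web server are still exposed to the internet; only the application behind the handshake is gated.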