HelenIT
asked on
IT Security Website
Hi,
we want to create a new website and make sure it is secure. What would be your checklist, main questions to vendors/website providers about the IT security? What would you ask and make sure is in place so that we know we have a secure website?
Thank you,
HelenIT
I would make sure your developers are trained on secure coding, and do a good Quality Assurance check for it all. Implement a change control process to make sure all changes are documented and controlled; I would use some version control system. Once you're live (or about to go live), have a penetration test conducted against it to find any holes you didn't catch previously. Once you've remediated the findings, you can request a redacted version of the final report to share with 3rd parties you want to work with (if your pentest vendor doesn't offer this, find a different vendor).
As said above, most attacks can be easily prevented if the coder/programmer uses coding standards and builds security into the code, so write software that proactively implements parameter checking to ensure that the vulnerability is not written into the software, which takes training and standards, and keep testing your software/application for the presence of vulnerabilities. Additionally, make sure your web server is up to date with the latest security fixes, a backup policy for the data would be a must, and also implement a WAF and firewall.
ASKER
Thanks both. Would there be a list that you know of that I could check off as I go along and test?
I'm sorry, but there's no really good (or widely accepted) checklist. Here's what I'd try to capture:
Developers are well trained and practice secure coding
Change Management process and version control is in place
Firewall is in place and configured properly
IPS is in place and configured properly
Optional -- Site is tested by a penetration test, results are acceptable (critical, high, and medium findings are mitigated)