Server & Network Security Practices in Our Web Applications

bSuperior System Ltd. builds custom web applications and security is a key factor in our developing process. How to make our web application more secure is in our frequently asked question list. We use the following server and network securities in our application development and deployment. And we recommend any other web application developer to follow these guidelines.

  • All communications between client and server should be encrypted. Port 443 (SSL) can be opened up on the server and port 80 (un-encrypted port) to be closed. This will help communications will be encrypted.
  • The following layer of security can be added
    • Firewall: It blocks abusing the system such as hacking.
    • VPN: This acts like an access card to server to do maintenance and updates.
  • All unnecessary services can be removed from server. Only required services are recommended to be setup such as,
    • Web
    • Database
    • SSL
  • In addition, file system (partitions) can get encrypted.
  • IP address checking is another layer of security. A web application can be locked down by IP address for admin and other users with significant permission. i.e. admin can only access to the application from their office. This is helpful in case their password is stolen by Key Loggers. With a stolen password, a hacker cannot login to the application because their IP is different from admin’s office IP address.
  • Two factor identification
  • Encrypted database
  • Backing up your records off server and deleting them from database routinely. Hackers won’t spend time to hack a server with not much usable information.
  • Audit logs all interactions with the system is another security layer. Any unwanted interaction can be determined by reviewing the logs.

These links are intended to be references and “cheat sheets” for how to code securely in PHP and the top ten coding vulnerabilities to watch out for. Both resources will form the basis of the security code assessments.

Leave a Reply

Your email address will not be published. Required fields are marked *