Web Security Best Practice


To reduce the chance of your website being compromised, follow these suggestions and best practices to improve your web security:

Use HTTPS on your website
Benefits of using HTTPS. HTTPS encrypts the traffic between a browser and a web server and lets the browser verify that it is talking to the genuine server rather than an impostor. This protects your website's users from "man-in-the-middle" attacks, where someone on the network intercepts or alters the information being sent to a website, such as form data or login details. It also stops the pages you serve from being tampered with in transit.
Configure your web server with HTTPS
      Get a certificate - A certificate binds your domain name to a public key and is signed by a certificate authority that browsers already trust. The certificate itself is public; the matching private key stays on your server and must never be shared. When a browser connects over HTTPS it checks that the certificate is for the domain it asked for and was issued by a trusted authority, and if both checks pass it encrypts everything flowing to and from your site. If you don't have a certificate yet, you can get a free one from https://letsencrypt.org
    IIS server - To learn more see https://support.microsoft.com/en-us/help/324069/how-to-set-up-an-https-service-in-iis
    Apache server - To learn more see https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

Correctly configure web security headers
HTTP response headers are name-value pairs of strings sent back from a server with the content you requested. They are typically used to transfer technical information such as how a browser should cache content, what type of content it is, the software running on the server and much more. Increasingly, HTTP response headers are used to transmit security policies to the browser. By passing security policies back to the client in this fashion, hosts can give their visitors a much safer browsing experience and reduce the risk for everyone involved. Let's take a look at some of the security-related headers.
To learn more see https://www.globaldots.com/8-http-security-headers-best-practices

Hardening your HTTP response headers
The first step in hardening your HTTP response headers is looking at the additional headers you can utilise to make your site more secure. Outlined below, these headers give the browser more information about how you want it to behave with regards to your site. They can be used to deliver security policies, set configuration options and disable browser features you don't want enabled for your site. Once you have set up each header, check it using SecurityHeaders.io.

        The following are headers you can utilise to make your site more secure.
                Content Security Policy
                HTTP Strict Transport Security
                HTTP Public Key Pinning (deprecated: browsers have removed support for it, so do not deploy it on new sites)
                X-Frame-Options
                X-Xss-Protection (deprecated: modern browsers ignore it; Content Security Policy is the replacement)
                X-Content-Type-Options
        To learn more see https://scotthelme.co.uk/hardening-your-http-response-headers
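As an added example (not code from the original page or from securityheaders.io), the script below applies the header guidance above to a captured set of response headers and reports what is missing, weak or deprecated, then renders the baseline as Apache mod_headers directives for the HTTPS virtual host. The baseline values, the one-year HSTS threshold and the two sample responses are this example's own assumptions; the Content Security Policy in particular has to be tuned for each site.

```python
"""Offline check of the security headers listed above.

Added example, not code from the original page or from securityheaders.io.
The baseline values, the HSTS threshold and the sample responses are this
example's own assumptions; the CSP must be tuned for each site.
"""
from typing import Dict, List

# Baseline policy (assumed values). Header names are case-insensitive on
# the wire, so all lookups below are done on lower-cased names.
RECOMMENDED: Dict[str, str] = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}

# Headers that browsers no longer honour; flag them so they get removed.
DEPRECATED: Dict[str, str] = {
    "Public-Key-Pins": "browsers removed HPKP support; drop the header",
    "X-XSS-Protection": "the XSS auditor was removed; use CSP, or send '0'",
}

MIN_HSTS_MAX_AGE = 31536000  # one year (assumed threshold)


def hsts_max_age(value: str) -> int:
    """Return the max-age directive of an HSTS header value, or -1 if absent."""
    for directive in value.split(";"):
        name, _, number = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and number.strip().isdigit():
            return int(number)
    return -1


def check_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings for one response; empty means baseline met."""
    lower = {name.lower(): value.strip() for name, value in headers.items()}
    findings: List[str] = []

    for name in RECOMMENDED:
        if name.lower() not in lower:
            findings.append(f"missing {name}")

    hsts = lower.get("strict-transport-security")
    if hsts is not None and hsts_max_age(hsts) < MIN_HSTS_MAX_AGE:
        findings.append(f"Strict-Transport-Security max-age is below {MIN_HSTS_MAX_AGE}")

    csp = lower.get("content-security-policy")
    if csp is not None:
        for weak in ("'unsafe-inline'", "'unsafe-eval'"):
            if weak in csp:
                findings.append(f"Content-Security-Policy allows {weak}")

    xfo = lower.get("x-frame-options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options {xfo!r} is not DENY or SAMEORIGIN")

    xcto = lower.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        findings.append(f"X-Content-Type-Options {xcto!r} should be nosniff")

    for name, why in DEPRECATED.items():
        value = lower.get(name.lower())
        if value is None or (name == "X-XSS-Protection" and value == "0"):
            continue
        findings.append(f"{name} is set but {why}")

    return findings


def apache_directives(policy: Dict[str, str] = RECOMMENDED) -> str:
    """Render the policy as mod_headers lines for the HTTPS virtual host."""
    return "\n".join(f'Header always set {name} "{value}"' for name, value in policy.items())


# Constructed sample responses: a typical default install and a hardened one.
WEAK_RESPONSE = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "Content-Type": "text/html; charset=UTF-8",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOW-FROM https://example.com",
    "X-XSS-Protection": "1; mode=block",
}
HARDENED_RESPONSE = {**RECOMMENDED, "Content-Type": "text/html; charset=UTF-8", "X-XSS-Protection": "0"}


if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {check_headers(response) or ['no findings']}")
    print(apache_directives())
```

To run it against a live site, paste the headers from `curl -sI https://your-site/` into a dictionary and call check_headers; a clean result here is only a first check, since the CSP still has to be tested against the pages it actually governs.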

Use strong and complex passwords
Consider a "pass phrase" rather than simply a password. Such a phrase should be relatively long, perhaps 20 characters or so, and consist of seemingly random words strung together along with numbers, symbols and upper and lower case letters. Think of something that you can remember but others couldn't guess.
Make the password at least 12 characters long; the longer the better, because every extra character multiplies the number of guesses an attacker has to make. Include numbers, capital letters and symbols. Don't rely on simple substitutions such as a $ for an S or a 1 for an L: password-cracking software tries those automatically. Don't use a dictionary word on its own; cracking tools work through whole dictionaries, so a single word, even with substitutions, will be guessed.
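As an added example (not code from the original page), the script below generates passphrases and random passwords with a cryptographically secure generator and puts numbers on the "longer is harder to crack" advice above by computing the entropy of each choice. The 16-word list is a constructed demo list (a real passphrase should draw from a large published list such as the EFF long list of 7776 words), and the guess rate used for the time estimate is an assumption for illustration only.

```python
"""Generate passphrases and passwords and estimate their strength.

Added example, not code from the original page. DEMO_WORDS is a constructed
list for illustration; the guess rate in years_to_crack is an assumption.
"""
import math
import secrets
import string
from typing import Sequence

DEMO_WORDS: Sequence[str] = (
    "anchor", "basil", "copper", "dune", "ember", "falcon", "glacier", "harbor",
    "ivory", "juniper", "kestrel", "lantern", "meadow", "nectar", "orbit", "pebble",
)
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` independent uniform picks from `choices` options."""
    return length * math.log2(choices)


def generate_passphrase(words: Sequence[str], count: int = 5, sep: str = "-") -> str:
    """Join `count` words picked with the OS cryptographic RNG (secrets)."""
    return sep.join(secrets.choice(words) for _ in range(count))


def generate_password(length: int = 16, alphabet: str = PRINTABLE) -> str:
    """Random password of `length` characters drawn uniformly from `alphabet`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def years_to_crack(bits: float, guesses_per_second: float = 1e11) -> float:
    """Expected years to guess a secret of `bits` entropy.

    On average half the space must be searched; 1e11 guesses/s is an assumed
    offline rate against a fast, unsalted hash and is only illustrative.
    """
    return 2 ** (bits - 1) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for label, bits in (
        ("5 words from the 16-word demo list", entropy_bits(len(DEMO_WORDS), 5)),
        ("5 words from a 7776-word list", entropy_bits(7776, 5)),
        ("12 random printable characters", entropy_bits(94, 12)),
        ("20 random printable characters", entropy_bits(94, 20)),
    ):
        print(f"{label}: {bits:.1f} bits, about {years_to_crack(bits):.2g} years")
    print("example passphrase:", generate_passphrase(DEMO_WORDS))
    print("example password:", generate_password(12))
```

The numbers make the page's point concrete: five words from a tiny list give only 20 bits, which falls in seconds, while the same five words from a 7776-word list give about 65 bits and twelve random printable characters about 79 bits. Entropy only counts when the words or characters are actually chosen at random, which is why the generator uses secrets rather than random.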

Keep your server up to date
Install the latest service packs and security patches. Microsoft Update is the online extension of Windows that helps you keep your computer up to date. Microsoft Update includes updates from Windows Update and from Office Update, in addition to updates for other Microsoft products and for third-party device drivers. Use Microsoft Update to install updates for your computer's operating system, software, and hardware. The same applies to the web server software itself (IIS or Apache) and to any frameworks, content management systems and plugins your site runs: patch them promptly, since attackers routinely scan for vulnerabilities that already have a fix available.
To learn more see https://support.microsoft.com/en-us/help/311047/how-to-keep-your-windows-computer-up-to-date

Improve website performance
To learn more see https://scotthelme.co.uk/performance-cheat-sheet

Once done, check your web security status on this website:
see https://securityheaders.io (it grades the HTTP response headers your site sends; it does not test for other weaknesses, so treat a good grade as one step rather than a complete audit)