Ask HN: How to secure a website?

So I'm new to deploying apps to production, and I'm curious about everything I need to do to make a website secure. As of now, I only know to set up SSL; I imagine there is more beyond that.
-integrity -availability and -confidentiality
Of your server and app. For integrity, look for file integrity monitors (OSSEC is a good open source project that does that).
For availability: load balancers, DDoS protection, auto scaling are all things to look for. Products like CloudFlare and Sucuri can do it in the cloud for you automatically.
For confidentiality, try isolating your server, setting up firewalls to deny all by default, restricting access, keeping it updated, etc.
thanks,
It's better to ask the same question on a <insert your programming language> forum or StackOverflow, as most frameworks have countermeasures or configuration options included (salting passwords, inspecting HTTP headers, preventing SQL injection).
Set up fail2ban to update iptables rules to detect repeated hack attempts and ban their IP address.
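The detect-then-ban logic that the fail2ban comment above relies on, as an added example that is not part of the original thread and is not fail2ban's own code. The log lines are constructed and simplified, the function names are hypothetical, and `max_retry` / `find_time` mirror fail2ban's `maxretry` and `findtime` settings; the rule string is a plain iptables drop rule, not fail2ban's actual ban action.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2
2024-05-01T10:00:05 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
2024-05-01T10:00:09 sshd[812]: Accepted publickey for deploy from 198.51.100.20 port 5100 ssh2
2024-05-01T10:00:12 sshd[811]: Failed password for root from 203.0.113.7 port 4024 ssh2
2024-05-01T10:02:00 sshd[813]: Failed password for deploy from 198.51.100.20 port 5101 ssh2
2024-05-01T10:30:00 sshd[814]: Failed password for deploy from 198.51.100.20 port 5102 ssh2
2024-05-01T10:59:00 sshd[815]: Failed password for deploy from 198.51.100.20 port 5103 ssh2
"""

# Timestamp, then a failed-password line, then the source IPv4 address.
FAILURE = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) "
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned:
            continue
        window = recent[ip]
        window.append(when)
        # Drop failures older than find_time so occasional typos do not add up.
        while when - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry:
            banned[ip] = when
    return banned

def ban_rules(banned):
    """Render one iptables drop rule per offender (returned, never executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(banned)]

if __name__ == "__main__":
    for rule in ban_rules(find_offenders(SAMPLE_LOG)):
        print(rule)
```

With the default window only 203.0.113.7 is banned; the second address fails three times as well, but the failures are spread over an hour, which is the false-positive case the time window exists to avoid.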