web hosting security
Results 1 to 4 of 4

Thread: web hosting security

Hybrid View

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    15

    web hosting security

    Hi,

    I hope this is the right forum to post this query. We are software development company. We plan to host some web solutions for our customers at our data center. I would like to know what the security considerations (like regular Vul. assesement/Pen tests, patching systems etc) that needs to be taken into account before hosting any web applications at our data center. We are planning to have a policy for the same. Any web based resources could be useful.

    Thanks.

  2. #2
    Banned
    Join Date
    Jan 2008
    Posts
    605
    disable_functions=exec, passthru, shell_exec, system, proc_open, popen, pcntl_exec, ftp_exec, fopen, fgets, curl_exec, curl_multi_exec, escapeshellarg, escapeshellcmd

    This was people are allowed to upload, even use includes... but as far as web based shells go its a moot point.

  3. #3
    Junior Member
    Join Date
    Apr 2011
    Posts
    1
    Did you try nerdyhost. It has some wonderful features

  4. #4
    Junior Member
    Join Date
    Apr 2004
    Location
    United States
    Posts
    24
    Alot depends on what you'll actually be hosting. For example:

    For PHP stuff:
    Read through the guides here:http://phpsec.org/projects/guide/
    Also take a look at: http://www.hardened-php.net/suhosin/

    For ASP/.NET stuff:
    You'll have to google that yourself as I don't touch Microsoft stuff

    General advice:

    I also recommend having an external 3rd part security and vulnerability scanner run regularly against your external IPs. There are several out there... I know Mcafee offers some, there is also Security Metrics, or if you're doing it on the cheap side and have the man power, set up your own nessus scanner (http://tenable.com/products/nessus). Which many of the 3rd party companies that offer external scanning end up using in some way or another themselves.

    And obviously try to follow standard security polices like correct app tier separation with egress and ingress filtering etc... If you find yourself placing database servers in your web/external zone you're doing something wrong.

    That's my 2c anyway.
    Last edited by ABS; April 11th, 2011 at 11:18 PM.

Similar Threads

  1. 30 security holes in Oracle
    By SDK in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: August 5th, 2004, 06:13 PM
  2. Ethical Hacker Certification
    By apollovega in forum Newbie Security Questions
    Replies: 41
    Last Post: July 29th, 2004, 04:21 AM
  3. Microsoft plans Windows overhaul to fight hackers
    By tekno in forum Microsoft Security Discussions
    Replies: 61
    Last Post: October 15th, 2003, 07:51 AM
  4. NEWS: This weeks security news
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: September 25th, 2002, 08:53 PM
  5. Latest SANS Update
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: May 29th, 2002, 09:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides