From: Jamie Riden (jamie.riden@gmail.com)
Date: Tue Jan 22 2008 - 14:07:01 EST
IMHO:
* code audit
* mod_security for your app.
* publish an SPF record if you're sending email
* keep an eye on the logs for "hotlinking" - e.g. a phishing site
linking your images directly.
In general you can't stop phishing attacks because your site will not
be involved. A user will be going to the blackhat's site and entering
their details - nowhere near your server.
Presumably you have an HTTPS cert? But few people check them unfortunately.
(You might do better asking on the securityfocus webappsec list.)
cheers,
Jamie
On 22 Jan 2008 06:37:37 -0000, mahendra_yn@yahoo.com
<mahendra_yn@yahoo.com> wrote:
> Hi all,
>
> I need to harden a web application which is hosted in a datacentre.I need to monitor the webapplication 24/7.I also need to ensure that there would be no phising attacks on this website,I know there are a couple of 3rd party web application firewalls available which can do all this,but the question is will the datacentre allow me to do this-as a 3rd party service provider?if it doesnt allow then what are the other best options available for me.
-- Jamie Riden / jamesr@europe.com / jamie@honeynet.org.uk UK Honeynet Project: http://www.ukhoneynet.org/ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT