1. Keep minimum number of resources online.
2. do password protection of internally accessed resources.
3. Do regular website scanning. Acunetix is one good tool.
4. Engage security consultants to do security audits. www.securityescape.com is one recommended by me.
5. Check folder permissions. use 755 as default permission.
6. Be very extra careful with uploading files.
7. Use WSO.php to understand damage possible if any file uploaded successfully.
8. Keep code and data separately. use php engine off on data folders.
2. do password protection of internally accessed resources.
3. Do regular website scanning. Acunetix is one good tool.
4. Engage security consultants to do security audits. www.securityescape.com is one recommended by me.
5. Check folder permissions. use 755 as default permission.
6. Be very extra careful with uploading files.
7. Use WSO.php to understand damage possible if any file uploaded successfully.
8. Keep code and data separately. use php engine off on data folders.
No comments:
Post a Comment