Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Rodriguez FINAL PROJECT: WEB SERVER SECURITY.

Published byHarry Lane Modified over 9 years ago

Similar presentations

Presentation on theme: "David Rodriguez FINAL PROJECT: WEB SERVER SECURITY."— Presentation transcript:

1 David Rodriguez FINAL PROJECT: WEB SERVER SECURITY

2 Introduction: Web server security: Changing platforms  In the past only html code -required a lot of coding hours to maintain  Content Management Systems emerged (CMS) – reduced coding time significantly  CMS’s are database driven (developers store more data)  CMS’s are far more functional and lend themselves to more activity.  CMS’s have a large group of 3 rd party developers (software can be vulnerable).  CMS platform vulnerabilities are widely known.

3 Introduction: Web server security: Front line risks  Web Servers are:  Generally out of the box most insecure platform  Available for hacking all the time  Good gateway into more sensitive areas  Generally have databases residing on the server or connected to the server  Increased customer functionality can provide PII  Many more risks

4 Introduction: Web server security: Information Gap  There are many resources that can be identified that will address very specific areas of risk. However, not many can be found regarding the entire holistic security coverage of a web server.

5 Introduction: Web server security: Information Gap  The information gap is due to a few reasons:  First: It’s a SECURITY ISSUE.  Second: It’s a living.  Third: It changes all the time.

6 Introduction: Web server security: Areas of Protection  Physical Security  Network Level Security  vmWare Security  Operating System security  Web Server Security  Database Security  CMS Security  Application Security

7 Introduction: Web server security: Project of Focus: Server Suite  The real world project of focus for the report:  An agency needs to submit sensitive information via a html form and then import this information into a enterprise wide system.  The agency needs ad-hoc and scheduled reports on these submissions.  This entire process needs to be functional, flexible, secure, resilient.

8 Introduction: Web server security: Project of Focus: Server Suite

9 Introduction: Web server security: Backup Everything/Disaster Recovery/Logging  Backup needs to occur:  AT THE FILE LEVEL  AT THE DATABASE LEVEL  AT THE VMLEVEL  SAN SNAPHOTS  MULTIPLE ACCESSIBLE BACKUPS FOR EACH LEVEL  REMOTE SYNC LOCATION  LOG EVERYTHING AT EVERY LEVEL

10 Introduction: Web server security: Stay Active  AUDIT - Examine your web server configuration often  MAINTAIN – Establish maintenance activity processes/people  REVIEW – Establish a review process that covers auditing/maintenance. Review need periodically to make sure server is organizationally needed.

11 Introduction: Web server security: Questions ??

Download ppt "David Rodriguez FINAL PROJECT: WEB SERVER SECURITY."

Similar presentations

© Copyright 2007 Exempler Telecom Test Automation System Exempler - We pride ourselves with providing lightweight robust engineering solutions.

© Copyright 2007 Exempler Telecom Test Automation System Exempler - We pride ourselves with providing lightweight robust engineering solutions.
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
The Lucernex Cloud: A software-as-a-service solution delivered via the Cloud What is the Cloud? Cloud Computing is the future of all software applications,

The Lucernex Cloud: A software-as-a-service solution delivered via the Cloud What is the Cloud? Cloud Computing is the future of all software applications,
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Which server is right for you? Get in Contact with us 021- 671 2170

Which server is right for you? Get in Contact with us
© 2014 Cognizant 4 th March 2015 MBaaS: Mobile Backend as a Service Pablo Gutiérrez / Senior Mobility developer.

© 2014 Cognizant 4 th March 2015 MBaaS: Mobile Backend as a Service Pablo Gutiérrez / Senior Mobility developer.
MNO Cloud Use Case 3 Source: Rogers Wireless Contact: Ed O’Leary George Babut 3GPP/SA3-LI#43Tdoc SA3LI11_116.

MNO Cloud Use Case 3 Source: Rogers Wireless Contact: Ed O’Leary George Babut 3GPP/SA3-LI#43Tdoc SA3LI11_116.
Welcome Windows SharePoint Service 3.0. Craig Carpenter MCSE, MCT Director, Combined Knowledge.

Welcome Windows SharePoint Service 3.0. Craig Carpenter MCSE, MCT Director, Combined Knowledge.
June 23rd, 2009Inflectra Proprietary InformationPage: 1 SpiraTest/Plan/Team Deployment Considerations How to deploy for high-availability and strategies.

June 23rd, 2009Inflectra Proprietary InformationPage: 1 SpiraTest/Plan/Team Deployment Considerations How to deploy for high-availability and strategies.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
Toolbox Mirror -Overview Effective Distributed Learning.

Toolbox Mirror -Overview Effective Distributed Learning.
Uniqueness of user names is enforced Customer information logged to database Require contact information as well as email address Email address will.

Uniqueness of user names is enforced Customer information logged to database Require contact information as well as address address will.
WORKDAY TECHNOLOGY Stan Swete CTO - Workday 1.

WORKDAY TECHNOLOGY Stan Swete CTO - Workday 1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Network security policy: best practices

Network security policy: best practices
Security issues for mobile devices Cvetko Andreeski.

Security issues for mobile devices Cvetko Andreeski.
Storage Refresh Project Migration of Enterprise Leased Shares Websites Home Directory Service.

Storage Refresh Project Migration of Enterprise Leased Shares Websites Home Directory Service.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Backup, Restore, and Server Replacement Josh Rose UCBU Software Engineer.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Backup, Restore, and Server Replacement Josh Rose UCBU Software Engineer.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
For more notes and topics visit:

For more notes and topics visit:

Similar presentations

Ads by Google