1. Deny anonymous users access to key folders (e.g. keep bad guys out from reconing your admin, config, debug, and other folders)
2. Disable client RSS feeds (this prevents bad guys from getting access to modify or see sensitive data)
3. Secure the file upload functionality (e.g. disable execute permissions, apply a strong and strict filter, etc.
4. Improve the security of the website folder (e.g. move non-web folders like data and indexes out of the web root)
5. Increase login security (e.g. enable HTTPS and disable auto-complete)
6. Limit access to certain file types (e.g. block access to your configuration files, transformation files, etc.)
7. Protect PhantomJS (e.g. get rid of this tool, it's generally not needed but could be used against you)
8. Protect media requests (e.g. only allow server generated requests to be processed on images)
9. Remove header information from responses sent by your website (e.g. remove response headers to prevent information leakage)
More about neonprimetime
Top Blogs of all-time
- pagerank botnet sql injection walk-thru
- DOM XSS 101 Walk-Through
- An Invoice email and a Hot mess of Java
Top Github Contributions
Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.