Professional Documents
Culture Documents
Website Security Checklist: Protect Your Website in 2021
Website Security Checklist: Protect Your Website in 2021
Website Security Checklist: Protect Your Website in 2021
2021
1
What Why
1. Ensure sitewide SSL Encrypt website traffic
2. Verify the SSL certificate Stay on top of expiration and trust
3. Use SHA256 encryption Use the best encryption
4. Disable insecure cipher suites Shore up vulnerabilities in SSL
5. Obscure header info Keep your configurations private
6. Enable HTTP Strict Transport Security Disallow unencrypted traffic
7. Use HttpOnly cookies Prevent scripts from reading cookie data
8. Use secure cookies Disallow unencrypted transmission of cookies
9. Secure the web server processes Use best practice configurations
10. Ensure form validate input Prevent form mishandling
11. Protect against SQL injection Prevent form exploits
12. Protect against DoS Maintain service through an attack
13. Regularly test configurations Make sure the steps above stay true
2
because SHA1 support will be removed from most browsers in 2017. Encryption standards will continue
to change as ways are found to crack existing standards and more secure methods are developed.
3
account, local, unless the web server needs to access domain resources. This user should not be an
administrator (or worse a domain admin) and should have file access only to what is necessary. Doing
this prevents a compromised web server from further compromising other resources by isolating and
restricting the account the web server uses.
There are many other steps that can be taken to protect against threats to a web server, but by
following these 13, you should be resilient against all of the most common vulnerabilities. Furthermore,
by integrating these practices into development and operations duties, companies can build a habit of
4
security. Finally, by routinely testing configurations, companies can track changes and address security
problems before they are exploited.
Visit: www.zimcybersecurity.co.zw
Email: admin@zimcybersecurity.co.zw