Summary

The article was published with permission from Sophos Plc.

This document describes common methods of attacking web servers, as well as various methods of protecting web servers and the hosted sites.

Author: Chris Mitchell, SophosLabs Australia

Translation: Artem Konev

Contents

  1. Introduction

  2. Basic security principles

    1. Internet Information Services (IIS)

    2. Apache HTTP Server

    3. PHP and MySQL

    4. Active Server Pages (ASP)

    5. Safety

  3. External web hosting

    1. Common dedicated hosting

    2. Virtual dedicated hosting

    3. Dedicated hosting

  4. Secure design

    1. Cookies

    2. Authentication

    3. Components, libraries, and add-ons

    4. Log files

  5. Ensuring the code safety

    1. SQL injection

    2. XSS (cross site scripting)

  6. How easy is it?

  7. Further reading