SlideShare a Scribd company logo

HOWTO: Protect your websites/apps from cyber attacks

Download as PPTX, PDF
University of Toronto, profile picture
University of Toronto

The document provides guidelines for protecting websites from cyber attacks, emphasizing the importance of security plugins for Drupal and WordPress. Key recommendations include writing secure code, installing and configuring firewalls, using operating system security measures, and protecting user data through encryption. It also includes resources for monitoring vulnerabilities and best practices for maintaining security.

Internet
Related topics:
Information Security
1 of 21
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Protect your websites from cyber attacks April 27, 2017
HOWTO: Protect your websites/apps from cyber attacks
Overview Security plugins for Drupal and Wordpress Write code with security in mind Firewall Operating system security Web stack security Protect your user/client Questions and Answer
State of Cybersecurity The completely secure system doesn’t exist Balance between security and convenience
State of Cybersecurity
Really effective security plugins for Drupal and WordPress Drupal Security Module https://www.drupal.org/project/se curity WordPress Wordfence https://www.wordfence.com
Demo
Always write code with security in mind
Bad Example: Uoft.me alumni.utoronto.ca/?redir=http:// uoftimpactsurvey.ca
● Use both front-end and back-end input validation ● Always sanitize and escape user input (mysqli_real_escape_string) ● Always escape the output
Firewall Must install a firewall Enable it and properly configure it. Allow all IPs to access certain ports (80, 443) Allow certain IPs to access specific ports (22)
HOWTO: Protect your websites/apps from cyber attacks
Operating System security Two-factor authentication Use SSH and SFTP instead of regular FTP Use regular user accounts Keep your OS up-to-date Install security patches Edit /etc/hosts.allow file
HOWTO: Protect your websites/apps from cyber attacks
Web stack security Web Server Check config settings Enable access log and error log Back up log files Force HTTPS SQL Database Prevent SQL injection do not allow user input to be used in creating your SQL query
HOWTO: Protect your websites/apps from cyber attacks
Protect your end-users / clients Protect your end-users also protects you Encrypt the connections between you and your user Encrypt cookies, session variables, local storage, etc Make sure your app / site is standard compliant
Secure OS Secure DB Web server Secure code Firewall
HOWTO: Protect your websites/apps from cyber attacks
Resources WordPress ● WPScan Vulnerability Database: https://wpvulndb.com/ ● National Vulnerability Database: https://nvd.nist.gov/home ● Wordfence: https://www.wordfence.com/ Drupal ● Make sure your contrib / core is up-to-date ● Seckit: https://www.drupal.org/project/seckit ● Security Review: https://www.drupal.org/project/security_review ● Security Advisories: https://www.drupal.org/security ● Cybersecurity Best Practices: https://www.cisecurity.org/cybersecurity-best-practices/ ● Center for Internet Security: https://www.cisecurity.org/ ● Ubuntu Server Benchmark: https://benchmarks.cisecurity.org/tools2/linux/CIS_Ubuntu_14.04_LTS_Server_Benchmark_v1.0.0.pdf
Questions?

More Related Content

PDF
WordPress Security 2018
Adrian Mikeliunas
 
PDF
Reversing & malware analysis training part 1 lab setup guide
Abdulrahman Bassam
 
PDF
Manage Artifact Versioning, Security and Compliance
Eng Teong Cheah
 
ODP
Securing Your Moodle
moorejon
 
PPT
Web Security Programming I I
Pavu Jas
 
PPTX
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
Dan Vasile
 
PPT
BeStorm Introduction
Amit Shirolkar
 
PPTX
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Vasile
 
WordPress Security 2018
Adrian Mikeliunas
 
Reversing & malware analysis training part 1 lab setup guide
Abdulrahman Bassam
 
Manage Artifact Versioning, Security and Compliance
Eng Teong Cheah
 
Securing Your Moodle
moorejon
 
Web Security Programming I I
Pavu Jas
 
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
Dan Vasile
 
BeStorm Introduction
Amit Shirolkar
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Vasile
 

What's hot (18)

PPTX
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Vasile
 
PPTX
Anatomy of Exploit Kits
securityxploded
 
PPTX
Reversing malware analysis training part7 unpackingupx
Cysinfo Cyber Security Community
 
PDF
Reversing & malware analysis training part 7 unpacking upx
Abdulrahman Bassam
 
PDF
Identity Security - Azure Identity Protection
Eng Teong Cheah
 
PPTX
WordPress Security - What to do, What NOT to do
WordPress Trivandrum
 
PDF
Mod Security
Abhishek Singh
 
DOCX
Bypassing cisco’s sourcefire amp endpoint solution – full demo
Rajivarnan R
 
PDF
Should you be using WordPress as your web platform?
Nigel Harding
 
KEY
mod_security introduction at study2study #3
Naoya Nakazawa
 
PDF
Reversing & malware analysis training part 10 exploit development basics
Abdulrahman Bassam
 
PPTX
Reversing & malware analysis training part 1 lab setup guide
securityxploded
 
PPTX
Reversing malware analysis training part1 lab setup guide
Cysinfo Cyber Security Community
 
PPT
WordPress in the enterprise - can it work?
DMWMartin
 
PPT
WordPress Security Hardening
Timothy Wood
 
PDF
10 Steps to Secure Wordpress Sites
Aapna Infotech
 
PPTX
Venkasure Antivirus Pro
robinshaif
 
PPTX
Dll preloading-attack
Cysinfo Cyber Security Community
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Vasile
 
Anatomy of Exploit Kits
securityxploded
 
Reversing malware analysis training part7 unpackingupx
Cysinfo Cyber Security Community
 
Reversing & malware analysis training part 7 unpacking upx
Abdulrahman Bassam
 
Identity Security - Azure Identity Protection
Eng Teong Cheah
 
WordPress Security - What to do, What NOT to do
WordPress Trivandrum
 
Mod Security
Abhishek Singh
 
Bypassing cisco’s sourcefire amp endpoint solution – full demo
Rajivarnan R
 
Should you be using WordPress as your web platform?
Nigel Harding
 
mod_security introduction at study2study #3
Naoya Nakazawa
 
Reversing & malware analysis training part 10 exploit development basics
Abdulrahman Bassam
 
Reversing & malware analysis training part 1 lab setup guide
securityxploded
 
Reversing malware analysis training part1 lab setup guide
Cysinfo Cyber Security Community
 
WordPress in the enterprise - can it work?
DMWMartin
 
WordPress Security Hardening
Timothy Wood
 
10 Steps to Secure Wordpress Sites
Aapna Infotech
 
Venkasure Antivirus Pro
robinshaif
 
Dll preloading-attack
Cysinfo Cyber Security Community
 
Ad

Similar to HOWTO: Protect your websites/apps from cyber attacks (20)

PPTX
Anatomy of a Build Pipeline
Samuel Brown
 
PPTX
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
Eric Vanderburg
 
PPTX
7 Ways to Stay 7 Years Ahead of the Threat
IBM Security
 
PDF
Drupal Security Basics for the DrupalJax January Meetup
Chris Hales
 
PDF
Tips on Securing Drupal Sites
cgmonroe
 
PPT
Quick Tips for Server Security
Alister Loxton
 
PPTX
Security misconfiguration
Jiri Danihelka
 
PDF
Windows Server 2016 ile İşlerinizi Daha Güvenli Gerçekleştirin!
MSHOWTO Bilisim Toplulugu
 
PPTX
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
PDF
WordPress Architecture for Tech-Savvy Managers
Mario Peshev
 
PPTX
OWASP_Top_Ten_Proactive_Controls_v2.pptx
FernandoVizer
 
PPTX
Windows azure overview for SharePoint Pros
Usama Wahab Khan Cloud, Data and AI
 
PDF
Doing Drupal security right
Gábor Hojtsy
 
PPTX
Making Security Agile
Oleg Gryb
 
PPTX
VB2013 - Security Research and Development Framework
Amr Thabet
 
PPTX
Locking down word press
Zachary Russell
 
PDF
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
Matt Ray
 
PDF
Tips on Securing Drupal Sites - DrupalCamp Atlanta (DCA)
cgmonroe
 
PPT
Ch08 Microsoft Operating System Vulnerabilities
phanleson
 
PPT
Microsoft Operating System Vulnerabilities
Information Technology
 
Anatomy of a Build Pipeline
Samuel Brown
 
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
Eric Vanderburg
 
7 Ways to Stay 7 Years Ahead of the Threat
IBM Security
 
Drupal Security Basics for the DrupalJax January Meetup
Chris Hales
 
Tips on Securing Drupal Sites
cgmonroe
 
Quick Tips for Server Security
Alister Loxton
 
Security misconfiguration
Jiri Danihelka
 
Windows Server 2016 ile İşlerinizi Daha Güvenli Gerçekleştirin!
MSHOWTO Bilisim Toplulugu
 
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
WordPress Architecture for Tech-Savvy Managers
Mario Peshev
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
FernandoVizer
 
Windows azure overview for SharePoint Pros
Usama Wahab Khan Cloud, Data and AI
 
Doing Drupal security right
Gábor Hojtsy
 
Making Security Agile
Oleg Gryb
 
VB2013 - Security Research and Development Framework
Amr Thabet
 
Locking down word press
Zachary Russell
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
Matt Ray
 
Tips on Securing Drupal Sites - DrupalCamp Atlanta (DCA)
cgmonroe
 
Ch08 Microsoft Operating System Vulnerabilities
phanleson
 
Microsoft Operating System Vulnerabilities
Information Technology
 
Ad

Recently uploaded (20)

PPTX
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
 
PPTX
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PDF
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
PPTX
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
PDF
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
 
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
Introduction to the IoT system, how the IoT system works
TinBinh
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
Internet___Basics___Styled_ presentation
poonam62133
 

HOWTO: Protect your websites/apps from cyber attacks

  • 1. Protect your websites from cyber attacks April 27, 2017
  • 3. Overview Security plugins for Drupal and Wordpress Write code with security in mind Firewall Operating system security Web stack security Protect your user/client Questions and Answer
  • 4. State of Cybersecurity The completely secure system doesn’t exist Balance between security and convenience
  • 6. Really effective security plugins for Drupal and WordPress Drupal Security Module https://www.drupal.org/project/se curity WordPress Wordfence https://www.wordfence.com
  • 8. Always write code with security in mind
  • 10. ● Use both front-end and back-end input validation ● Always sanitize and escape user input (mysqli_real_escape_string) ● Always escape the output
  • 11. Firewall Must install a firewall Enable it and properly configure it. Allow all IPs to access certain ports (80, 443) Allow certain IPs to access specific ports (22)
  • 13. Operating System security Two-factor authentication Use SSH and SFTP instead of regular FTP Use regular user accounts Keep your OS up-to-date Install security patches Edit /etc/hosts.allow file
  • 15. Web stack security Web Server Check config settings Enable access log and error log Back up log files Force HTTPS SQL Database Prevent SQL injection do not allow user input to be used in creating your SQL query
  • 17. Protect your end-users / clients Protect your end-users also protects you Encrypt the connections between you and your user Encrypt cookies, session variables, local storage, etc Make sure your app / site is standard compliant
  • 18. Secure OS Secure DB Web server Secure code Firewall
  • 20. Resources WordPress ● WPScan Vulnerability Database: https://wpvulndb.com/ ● National Vulnerability Database: https://nvd.nist.gov/home ● Wordfence: https://www.wordfence.com/ Drupal ● Make sure your contrib / core is up-to-date ● Seckit: https://www.drupal.org/project/seckit ● Security Review: https://www.drupal.org/project/security_review ● Security Advisories: https://www.drupal.org/security ● Cybersecurity Best Practices: https://www.cisecurity.org/cybersecurity-best-practices/ ● Center for Internet Security: https://www.cisecurity.org/ ● Ubuntu Server Benchmark: https://benchmarks.cisecurity.org/tools2/linux/CIS_Ubuntu_14.04_LTS_Server_Benchmark_v1.0.0.pdf