A couple of ways I set up security for my websites include:
TLS certificates
Enabling HSTS where I can
Removing any "HTTP" content
Setting up DMARC, DKIM, and SPF
Enabling DNSSEC
Removing unnecessary comments from code
There's a lot more to unpack here depending on the type of stack you use for your website and the libraries or plug-ins it uses. Seems like you would have to have a way to break this down by platform to do things like scanning for vulnerable JavaScript libraries, checking input boxes for SQL injections and XSS vulnerabilities, etc.
Hi Mike,
Thank you for sharing your knowledge regarding securing a website!
Appreciate your help!
Sure thing! Happy to try and dive deeper into these if that is something you are interested in. I have done consulting on things like this in the past for individual sites as well.
I'm also assuming your product is providing remediation information as a part of how to fix the findings at whatever level they are discovered at (code/library changes, web server level, DNS, etc.). Some of these findings may not be "fixable" if, say, your hosting provider doesn't support DNSSEC yet.
You can also scan your website code and cloud using code scanners/static analysis. This should be integrated ideally in your Secure SDLC (Software Development Lifecycle), possibly in CI/CD (Continuous Integration/Continuous Delivery). You can try https://betterscan.io P.S. I am the creator. Feel free to DM if you have any questions.
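Three of the checks listed at the top of this thread (HSTS, leftover plain-HTTP content, SPF/DMARC), with each finding tagged by the level where it gets fixed (web server, code, DNS), as an added example that is not part of any post in the thread or of any product mentioned in it. The `audit` function, its input shapes (a header dict, an HTML string, TXT records keyed by `@` and `_dmarc`) and the 180-day max-age threshold are assumptions; the sample data is constructed and nothing is fetched from the network.

```python
import re
from html.parser import HTMLParser

class _HttpRefs(HTMLParser):
    """Collects subresource URLs (not plain <a> links) that still use http://."""
    TAGS = {"script", "img", "link", "iframe", "form", "audio", "video", "source"}
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        if tag in self.TAGS:
            for name, value in attrs:
                if name in ("src", "href", "action") and value and value.lower().startswith("http://"):
                    self.refs.append(value)

def audit(headers, html, txt_records):
    """Return (level, finding) pairs; level is 'web server', 'code' or 'DNS'."""
    findings = []
    hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security", "")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
    if not m:
        findings.append(("web server", "HSTS header missing or has no max-age"))
    elif int(m.group(1)) < 15552000:  # assumed threshold: 180 days in seconds
        findings.append(("web server", "HSTS max-age below 180 days"))
    parser = _HttpRefs()
    parser.feed(html)
    for ref in parser.refs:
        findings.append(("code", "plain-HTTP content: " + ref))
    spf = [t for t in txt_records.get("@", []) if t.lower().startswith("v=spf1")]
    if len(spf) != 1:  # zero or several SPF records both fail evaluation
        findings.append(("DNS", "expected exactly one SPF record, found %d" % len(spf)))
    elif not re.search(r"(^|\s)[-~]all$", spf[0].strip().lower()):
        findings.append(("DNS", "SPF does not end in -all or ~all"))
    dmarc = [t for t in txt_records.get("_dmarc", []) if t.lower().startswith("v=dmarc1")]
    policy = re.search(r"\bp\s*=\s*(\w+)", dmarc[0], re.I) if dmarc else None
    if not policy:
        findings.append(("DNS", "DMARC record missing or has no p= tag"))
    elif policy.group(1).lower() == "none":
        findings.append(("DNS", "DMARC policy is p=none (monitoring only)"))
    return findings

# Constructed sample input (not taken from any real site)
SAMPLE_HEADERS = {"Strict-Transport-Security": "max-age=300"}
SAMPLE_HTML = '<a href="http://example.com/">x</a><script src="http://cdn.example/app.js"></script><img src="https://example.com/logo.png">'
SAMPLE_TXT = {"@": ["v=spf1 include:_spf.example.com +all"], "_dmarc": ["v=DMARC1; p=none; rua=mailto:d@example.com"]}

if __name__ == "__main__":
    for level, finding in audit(SAMPLE_HEADERS, SAMPLE_HTML, SAMPLE_TXT):
        print(level, "-", finding)
```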