
	Home > Ask the Software Quality Experts > Application Security Questions & Answers > The best way to secure a Web site

Ask The Software Quality Expert: Questions & Answers

EMAIL THIS

The best way to secure a Web site

EXPERT RESPONSE FROM: Caleb Sima

		Pose a Question

		Other Software Quality Categories

		Meet all Software Quality Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 29 March 2006
What is the best way to secure a Web site (Web server + application server + database server) from external threats? Between, ISA and Cisco PIX, what is the preferred method of protection?

EXPERT RESPONSE
Neither, actually. Those products are there for network layer protection. Some of them will offer some URL filtering on the device, but it will do very basic keyword matching and won't help you much in terms of Web application protection.

The proper way of securing a Web site is actually the hardest way -- secure development practices along with host and database hardening and proper configuration. Take a look at the secure development lifecycle message that a lot of companies are preaching. The methodologies that are taught are the best way of developing a secure Web application. Of course, if you are interested in an appliance, there are Web application firewall products that will do a much better job at protecting you from Web application attacks then ISA or PIX.

==================================
MORE INFORMATION
==================================

* Q&A with application security expert Herbert Thompson: Baking security into the SDLC better than bolting on later

* Tip: How to integrate security into your SDLC

* Featured Topic: Making a case for Web application firewalls

* Ask the Experts yourself: Our application security gurus are waiting to answer your questions.

Sound Off! -

Be the first to post a message to Sound Off!

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Building security into the SDLC (Software development life cycle)
	Web application security and the PCI DSS
	PCI DSS compliance: Web application firewalls (WAFs)
	PCI DSS compliance: The basics
	PCI DSS compliance: Code review
	PCI DSS compliance: WAF, code review or both?
	Application security careers have bright future
	Writing software requirements that address security issues
	Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
	PCI DSS compliance: Web application firewall or code review?
	Application security enters uncharted regions

Application Security

PCI DSS compliance: WAF, code review or both?

Application security careers have bright future

How to prevent anti-DNS pinning attacks

Open source application security testing tools

Java application security features and measures

Web application security testing basics

Password recovery with .NET 2.O using C#

Free load and performance testing tools

The most effective time to do security testing

Finding backdoor threats within applications

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2006 - 2008, TechTarget \| Read our Privacy Policy