Various security measures for websites (HTTP headers, etc.)

This is a slightly open question, and I apologize for that. But I think it is useful, and I hope that it will not be closed.

I am working on a site that processes highly sensitive content, and I try to make it as secure as possible.

Just now, I came across the X-Frame-Options HTTP header, with which I can refuse to let the page be displayed inside a frame, and thus prevent clickjacking on my page.

Is there some kind of link you can offer that contains a complete list of all the security measures I should be aware of (e.g. SSL (of course), HTTP headers such as Strict-Transport-Security and X-Content-Security-Policy, client-side AES encryption, ...)?

Are there other (possibly less well-known) security features that you think are relevant to me to watch (for example, is it possible to block plugins, prevent bookmarklets, disable proxy browsers such as Opera Mini, ...)?

I hope that the answers to this question together will lead to a useful checklist to make sure that I (and others) do not miss any important security features to protect the content.

+4
2 answers

Start with the Open Web Application Security Project's Top 10 vulnerabilities document. If you can take the necessary measures to avoid the vulnerabilities described there, you will be safer than the vast majority of sites. After that, it may be time to get help from security experts, do some penetration testing, look to fix more obscure vulnerabilities, etc.

+2

For the HTTP headers aspect of the question, check out the Secure HTTP Headers slides and the Mozilla Developer Network's "Securing your site".

Here are some specific HTTP response headers

Please note that different browsers and their versions have different levels of support, so apart from secure and httponly cookies, your IE7 users may not see any benefit.

+2
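As an added illustration of the headers discussed in the question and the answers (this is example code, not something posted by either answerer), the following Python builds the recommended response headers for a sensitive site and audits an arbitrary header set for the common gaps: a missing or weak X-Frame-Options, a missing CSP or HSTS, a short HSTS max-age, and a session cookie without Secure/HttpOnly. The HSTS minimum age and the `sid` cookie name are assumptions; the header names and values are the standard ones.

```python
# Added example (not from the question or answers): build the response
# headers discussed above and audit a header set for gaps.
from typing import Dict, List

RECOMMENDED = {
    "X-Frame-Options": "DENY",  # anti-clickjacking header from the question
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
}
HSTS_MIN_AGE = 15552000  # 180 days; an assumed floor, not a standard value


def security_headers(session_id: str) -> Dict[str, str]:
    """Headers a sensitive site should send; the cookie gets Secure + HttpOnly."""
    headers = dict(RECOMMENDED)
    headers["Set-Cookie"] = f"sid={session_id}; Secure; HttpOnly; SameSite=Strict; Path=/"
    return headers


def _hsts_max_age(value: str) -> int:
    """Parse max-age out of an HSTS value; -1 if absent or malformed."""
    for directive in value.split(";"):
        name, _, num = directive.strip().partition("=")
        if name.lower() == "max-age" and num.isdigit():
            return int(num)
    return -1


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for one response (single Set-Cookie assumed); [] means clean."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []
    for name in ("X-Frame-Options", "Content-Security-Policy", "X-Content-Type-Options"):
        if name.lower() not in h:
            findings.append(f"missing {name}")
    if "x-frame-options" in h and h["x-frame-options"].upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options has an unrecognised value")
    if "strict-transport-security" not in h:
        findings.append("missing Strict-Transport-Security")
    elif _hsts_max_age(h["strict-transport-security"]) < HSTS_MIN_AGE:
        findings.append("Strict-Transport-Security max-age is too short")
    cookie = h.get("set-cookie", "")
    if cookie:
        flags = {p.strip().lower() for p in cookie.split(";")[1:]}  # attributes after name=value
        for flag in ("secure", "httponly"):
            if flag not in flags:
                findings.append(f"Set-Cookie lacks {flag}")
    return findings
```

Run `audit_headers` over the headers your server actually returns (for example, from `requests`' `response.headers`) to see which of the measures above are not reaching the browser.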
