Posted: November 12th, 2010 | Filed under: Around the Web | Tags: pci, security
Do:
Posted: November 12th, 2010 | Filed under: Around the Web | Tags: data security, database security, firewalls, online security, pci, security
Great Tips found around the web for securing your online data:
Database Security: Tips for Securing a Database for Small Business
Enable Security Controls: Unlike older databases, the newer databases require passwords to gain full access to the stored data. Often when the databases are shipped, none of the security features are enabled. Make sure you check the security controls and enable all of the features before allowing anyone access to the database.
Posted: August 16th, 2010 | Filed under: Web Security Tools | Tags: pa-dss, pci, pci dss, pci security standards council, WAF, web application firewall, windows security
According to CSP Daily News, the PCI Security Standards Council has just introduced the plan for Version 2.0 of its PCI standards, which are due to take effect in October of 2010.
Version 2.0 of PCI DSS and PA-DSS do not introduce any new major requirements. Key updates, clarifications and guidance include:
Posted: March 22nd, 2010 | Filed under: IIS & HTTP, Web Security Tools | Tags: http headers, pci, security, serverdefender, servermask
Typically, the first step on the road to hacking a particular site is knowing all there is to know about that site, including what type of server it is hosted on. Server anonymization is a method of enhancing the security of a host by removing the ability of hackers and other intruders to get identifying information about a system, such as the vendor and version of its OS and any applications that might be running on it. This kind of information is enormously useful to people or programs that access hosts with malicious intent.
Posted: January 20th, 2010 | Filed under: IIS & HTTP, Web Security Tools | Tags: error handling, pci, servermask
Information Leakage and Improper Error Handling
Information leakage and improper error handling happen when web applications do not limit the amount of information they return to their users. Web applications can leak information about the version of the web server (IIS, Apache, etc.) you are running, the operating system, patch levels, and the names and versions of web applications (PHP, SSL, SQL) your site may be utilizing. This in itself is a significant security weakness, and so is showing detailed error messages or debug code.