Security tips for hosting .NET Web Application on IIS

Hi guys,

After building several small and medium-sized web applications and hosting them on IIS, I have learned certain actions we can take while hosting to make a web application more secure. They are listed below.


1) Prevent Clickjacking

In order to prevent clickjacking, add the line below under configuration > system.webServer > httpProtocol > customHeaders in web.config.

<add name="X-Frame-Options" value="sameorigin" />

2) To stop browsers from guessing (sniffing) a response's content type instead of honouring the Content-Type the server declares, add the line below under configuration > system.webServer > httpProtocol > customHeaders in web.config.

<add name="X-Content-Type-Options" value="nosniff" />

3) To help prevent XSS (cross-site scripting) attacks, add the line below under configuration > system.webServer > httpProtocol > customHeaders in web.config.

<add name="X-XSS-Protection" value="1" />

4) Make sure you are using HTTPS (TLS) wherever you can.

5) In IIS Manager, go to your website/web application, click on HTTP Response Headers, then remove the X-Powered-By header. This will prevent potential attackers from learning which technology you are using.

6) Make sure your servers are using strong ciphers and strong SSL/TLS protocol versions. You can check this with the IIS Crypto tool.

7) If you have used jQuery or Bootstrap in your applications, make sure to upgrade them to current versions. This will prevent potential attackers from exploiting known vulnerabilities in old releases.

8) Make sure all your important cookies are marked as Secure.

9) Run regular server updates and patches so that known vulnerabilities cannot be exploited.

10) Remove the Server information from the response headers. Microsoft's guidance on this is linked below.

https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710
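Putting steps 1, 2, 3, 5, 8 and 10 together, here is a complete web.config fragment as an added example; it is not from the original post. The httpCookies element and the removeServerHeader attribute are standard ASP.NET/IIS settings I have added beyond the post's own snippets, and removeServerHeader needs IIS 10 or later (older versions need the module approach from the linked article).

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Step 8: requireSSL marks ASP.NET cookies Secure so they are only sent over HTTPS;
         httpOnlyCookies additionally hides them from client-side script (added setting) -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- Step 5: drop the X-Powered-By header that IIS adds by default -->
        <remove name="X-Powered-By" />
        <!-- Step 1: only allow framing by pages from the same origin (clickjacking) -->
        <add name="X-Frame-Options" value="sameorigin" />
        <!-- Step 2: browsers must honour the declared Content-Type, no MIME sniffing -->
        <add name="X-Content-Type-Options" value="nosniff" />
        <!-- Step 3: enable the browser's legacy XSS filter -->
        <add name="X-XSS-Protection" value="1" />
      </customHeaders>
    </httpProtocol>
    <security>
      <!-- Step 10: suppress the "Server: Microsoft-IIS/x.x" header (IIS 10+ only) -->
      <requestFiltering removeServerHeader="true" />
    </security>
  </system.webServer>
</configuration>
```

After deploying, confirm the result by requesting a page and checking that the three custom headers are present and that X-Powered-By and Server are absent from the response.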
