Every second, somewhere, a company loses two years' worth of data, code, intellectual property or third-party licences to an unknown attacker. So how do you intend to protect yours?
Here are five simple rules that will help you take the bend in the road without falling off.
Validate your Inbound Ports
Port 22 (SSH) is the most useful port for the entire development community, yet it is also the main back door an attacker uses to walk off with your data in minutes. Never expose it to the whole web: the only safe way is to restrict the INBOUND rule to a PARTICULAR IP or a known IP RANGE (your office or VPN egress), and to treat any security-group rule that opens 22 to 0.0.0.0/0 or ::/0 as a finding to be fixed today.
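The check below is an added example (not code from the original post): it walks the JSON shape that `aws ec2 describe-security-groups` returns and flags every ingress rule whose protocol and port range cover 22 while the source is a /0 (the whole IPv4 or IPv6 internet). The security-group document embedded here is constructed for the example; the group IDs and the office CIDR 203.0.113.0/24 are placeholders.

```python
"""Flag AWS security-group ingress rules that expose SSH (tcp/22) to the world.

Added example. Parses the describe-security-groups JSON shape and reports any
rule covering port 22 whose source is 0.0.0.0/0 or ::/0. The document below is
constructed for the example; sg-ids and CIDRs are placeholders.
"""
import ipaddress

SSH_PORT = 22

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = {
    "SecurityGroups": [
        {
            "GroupId": "sg-0123456789abcdef0",
            "GroupName": "web-open",
            "IpPermissions": [
                # The classic mistake: SSH from anywhere.
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                # HTTPS from anywhere is expected for a web tier; not a finding.
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            ],
        },
        {
            "GroupId": "sg-0fedcba9876543210",
            "GroupName": "bastion-restricted",
            "IpPermissions": [
                # SSH only from the office range (placeholder, RFC 5737 TEST-NET-3).
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
                # "-1" means every protocol and port, so it silently covers 22 too.
                {"IpProtocol": "-1", "IpRanges": [],
                 "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            ],
        },
    ]
}


def rule_covers_port(rule, port):
    """True if an ingress rule's protocol and port range include `port`."""
    if rule.get("IpProtocol") == "-1":          # all traffic
        return True
    if rule.get("IpProtocol") not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def rule_sources(rule):
    """Yield every IPv4 and IPv6 CIDR source a rule allows."""
    yield from (r["CidrIp"] for r in rule.get("IpRanges", []))
    yield from (r["CidrIpv6"] for r in rule.get("Ipv6Ranges", []))


def find_world_open_ssh(groups_doc, port=SSH_PORT):
    """Return (group_id, group_name, cidr) for each rule opening `port` to a /0."""
    findings = []
    for sg in groups_doc["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            if not rule_covers_port(rule, port):
                continue
            for cidr in rule_sources(rule):
                # Normalise the CIDR so any spelling of "the whole internet" matches.
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append((sg["GroupId"], sg["GroupName"], cidr))
    return findings


if __name__ == "__main__":
    for gid, name, cidr in find_world_open_ssh(SAMPLE_GROUPS):
        print(f"{gid} ({name}): SSH reachable from {cidr}")
```

Feed it the real output of `aws ec2 describe-security-groups` (after `json.load`) and every line printed is a rule to replace: revoke it with `aws ec2 revoke-security-group-ingress` and re-add it with `aws ec2 authorize-security-group-ingress --protocol tcp --port 22 --cidr <your-office>/32`. Note that the second group looks restricted on its SSH rule but is still caught because of the all-traffic IPv6 rule beneath it.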
Admin Module of WebLogic / Tomcat
Admin consoles let you deploy code, change root paths and edit datasource properties with ease. Remember that they do exactly the same for an attacker. The example accounts shipped in Tomcat's tomcat-users.xml and the default administrative account of WebLogic have well-known passwords, and attackers know them better than you do. So, first things first:
a) Change the username and password of every default account before anything else, and disable every role and privilege that is not actually used.
b) Once the app goes to testing, DISABLE THE MANAGER / ADMIN MODULE entirely (remove the manager and host-manager webapps, not just the users). COMMAND-LINE (SCRIPTED) DEPLOYMENTS ARE ALWAYS SAFER than a web console reachable over the network.
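As an added example for steps a) and b), not from the original post: a small audit of a tomcat-users.xml that flags accounts still using the example credentials the stock file ships commented out (tomcat/tomcat, both/tomcat, role1/tomcat), the tomcat/s3cret pair from the manager how-to and the generic admin/admin, plus any account that holds a manager-* or admin-* console role and any password kept in plain text. Both XML documents are constructed; the hardened one declares no console users at all because deployment happens from the command line.

```python
"""Audit a Tomcat tomcat-users.xml for default accounts and exposed console roles.

Added example, not from the original post. WEAK_XML and HARDENED_XML are
constructed; WEAK_XML mirrors the example users shipped (commented out) in
the stock file once someone has uncommented them and handed out console roles.
"""
import xml.etree.ElementTree as ET

# Shipped example users, the manager how-to example, and the generic pair that
# every scanner tries first.
KNOWN_DEFAULT_CREDENTIALS = {
    ("tomcat", "tomcat"), ("both", "tomcat"), ("role1", "tomcat"),
    ("tomcat", "s3cret"), ("admin", "admin"),
}
# Roles that grant deployment, JMX or host administration through the web console.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}

WEAK_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="admin-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui,admin-gui"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
</tomcat-users>
"""

HARDENED_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <!-- No console users: the manager/host-manager webapps are removed and
       deployments are scripted. Nothing here to log in with. -->
</tomcat-users>
"""


def _local(tag):
    """Strip the xmlns namespace ElementTree prefixes onto tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if _local(el.tag) != "user":
            continue
        user = el.get("username", "")
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        if (user, password) in KNOWN_DEFAULT_CREDENTIALS:
            findings.append(f"{user}: shipped/default credential still in use")
        # Digested passwords are stored as salt$iterations$hash; anything else is
        # plain text (heuristic: exactly two '$' separators).
        elif password and password.count("$") != 2:
            findings.append(f"{user}: password stored in plain text")
        exposed = roles & PRIVILEGED_ROLES
        if exposed:
            findings.append(f"{user}: holds console roles {sorted(exposed)}")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_XML), ("hardened", HARDENED_XML)):
        print(label, audit_tomcat_users(doc) or ["clean"])
```

Run it against `$CATALINA_BASE/conf/tomcat-users.xml` on every server; anything it prints is either a credential to rotate or a console user to delete before the app leaves development.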
Set up a Passphrase for the Private Key and Safeguard it.
Always put a passphrase on the private key: the .pem you download for an EC2 key pair comes without one, and so does any id_rsa or id_ed25519 generated with an empty passphrase. It is one extra layer across the whole gamut, because a stolen key file is useless to the thief until the passphrase is guessed. Remember, a good front gate stops many who attempt to get inside.
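Added example (not from the original post): a check that tells you whether a private key file on disk is actually passphrase-protected, so you can sweep developer laptops and CI hosts for naked keys. For the modern OpenSSH format it decodes the `openssh-key-v1` header and reads the cipher and KDF names (`none`/`none` means no passphrase); for legacy PEM keys it looks for the `Proc-Type: 4,ENCRYPTED` header or the PKCS#8 `ENCRYPTED PRIVATE KEY` label. The sample key files are constructed here and contain placeholder bytes in place of real key material.

```python
"""Tell whether an SSH private key file is protected by a passphrase.

Added example, not from the original post. Reads only the header of the
openssh-key-v1 container (cipher name, KDF name) or the PEM headers of a
legacy key. The sample keys below are constructed: header fields are real,
the key material is placeholder bytes.
"""
import base64
import struct

AUTH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes) at offset `off`."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4: off + 4 + n], off + 4 + n


def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def is_passphrase_protected(key_text):
    """Return True if the key text is encrypted with a passphrase, False if not."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-style private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":   # PKCS#8, always encrypted
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(AUTH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, off = _read_string(body, len(AUTH_MAGIC))
        kdf, _ = _read_string(body, off)
        # ssh-keygen writes cipher "none" and kdf "none" for an empty passphrase.
        return cipher != b"none" and kdf != b"none"
    # Legacy PEM (BEGIN RSA/EC/DSA PRIVATE KEY): encryption is announced in a header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])


def _constructed_openssh_key(cipher, kdf):
    """Build an openssh-key-v1 file whose header claims `cipher`/`kdf`.

    Constructed for this example: everything after the header is placeholder
    bytes, not a usable key.
    """
    body = AUTH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
    body += _ssh_string(b"")             # kdfoptions (salt + rounds when bcrypt)
    body += struct.pack(">I", 1)         # number of keys
    body += _ssh_string(b"\x00" * 32)    # public key blob (placeholder)
    body += _ssh_string(b"\x00" * 64)    # private section (placeholder)
    b64 = base64.b64encode(body).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{wrapped}\n-----END OPENSSH PRIVATE KEY-----\n"


UNPROTECTED_KEY = _constructed_openssh_key(b"none", b"none")
PROTECTED_KEY = _constructed_openssh_key(b"aes256-ctr", b"bcrypt")
LEGACY_PROTECTED_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

AAAA
-----END RSA PRIVATE KEY-----
"""
# What a freshly downloaded EC2 .pem looks like: no headers, no passphrase.
LEGACY_UNPROTECTED_KEY = """-----BEGIN RSA PRIVATE KEY-----
AAAA
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, key in (("openssh/none", UNPROTECTED_KEY), ("openssh/bcrypt", PROTECTED_KEY),
                      ("pem/encrypted", LEGACY_PROTECTED_KEY), ("pem/plain", LEGACY_UNPROTECTED_KEY)):
        print(f"{name}: passphrase={'yes' if is_passphrase_protected(key) else 'NO'}")
```

To fix a key it flags, add a passphrase in place with `ssh-keygen -p -f path/to/key` (use `-a 100` or more to raise the bcrypt rounds); the key pair stays the same, so nothing on the servers changes.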
Attackers don't break into our AWS server to review our coding practices or admire our vulnerabilities; they are there to exploit, violate and, most importantly, STEAL our DATA. So here are the top 3 things we should do to safeguard it:
1. The customer schema should be encrypted, both data at rest (encrypted volumes and database storage) and data in motion (TLS between the application and the database, and between the application and the client).
2. Passwords should never be decryptable at all. Store only a salted, slow hash, and on login hash the supplied password and compare the two hashes; there is nothing to decrypt and nothing for a thief to recover from a dumped table.
3. Do not store the database password as plain text in application.properties or db.properties. Compiling it into a .class file or embedding it in a .Net assembly is not protection either, only obfuscation that a decompiler undoes in seconds. Keep it out of the code base entirely: inject it from a secrets store or the environment at deploy time, and have the application log a loud failure when it is missing rather than fall back to a default.
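Point 2 in working form, as an added example that is not part of the original post: passwords go through PBKDF2-HMAC-SHA256 with a random per-user salt and a high iteration count, the stored string carries everything needed to re-compute the hash later, and the comparison is constant-time so a timing difference never leaks how many bytes matched. The iteration count follows the current OWASP recommendation for PBKDF2-HMAC-SHA256; the passwords used in the demo are made up.

```python
"""Salted, slow password hashing with constant-time verification.

Added example, not from the original post. Uses only the standard library:
PBKDF2-HMAC-SHA256 with a 16-byte random salt per password, a stored record of
the form  pbkdf2_sha256$<iterations>$<salt_b64>$<hash_b64>, and
hmac.compare_digest for the comparison. Nothing here can be decrypted.
"""
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000     # OWASP guidance for PBKDF2-HMAC-SHA256 as of 2023
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record to store instead of the password."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        SCHEME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt/iterations and compare in constant time."""
    try:
        scheme, iterations, salt_b64, hash_b64 = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, TypeError):
        return False          # malformed record: never treat as a match
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")   # made-up password
    print("stored:", record)
    print("right password:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("Correct horse battery staple", record))
    # Same password, new salt: the stored strings differ, so a leaked table
    # cannot be attacked with one precomputed rainbow table for every user.
    print("same password, different record:", hash_password("correct horse battery staple") != record)
```

Because the iteration count is stored with the record, you can raise `ITERATIONS` later and rehash each user transparently on their next successful login; old records keep verifying with the count they were written with.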
And three development habits that hand the data over:
1. Passing record identifiers or form data in the URL (e.g. http://myapp.com/customer_id=1023) and trusting them without checking that the logged-in user actually owns that record. Boom! You are lost in the woods already: the attacker changes 1023 to 1024 and walks through the whole customer table. Many Fortune 100 companies have lost data at least once because of this poor development habit.
2. Showing complete exception details on screen, i.e. the technical details of the server, the database and the table names, when an exception occurs. Log the full stack trace server-side and show the user only a generic message with a reference ID they can quote to support.
3. Most importantly: text fields should know what they are meant for and accept only the characters that purpose needs, on the server and not just in the browser. Special characters and SQL injection remain the No. 1 threat, and input validation alone is not enough: use parameterized queries so that whatever slips through is still treated as data, never as part of the query. Recently an FMCG company lost 100K customer records through its forgot-password form (the email text box), as simple as that.
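The forgot-password scenario from points 2 and 3 above, as an added example that is not part of the original post: the same e-mail lookup written with string concatenation, with a parameterized query, and with a whitelist validation in front of the parameterized query, run against an in-memory SQLite table of constructed customer rows, plus the error handler that keeps exception details out of the browser. The payload `x' OR '1'='1` dumps every customer's reset token from the vulnerable version and gets nothing from the other two.

```python
"""Forgot-password lookup: injectable, parameterized, and validated+parameterized.

Added example, not from the original post. The customer rows and the reset
tokens are constructed; the injection payload is the textbook one.
"""
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("app")

# Whitelist for the field's purpose: an e-mail address and nothing else.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
PAYLOAD = "x' OR '1'='1"     # turns  WHERE email = '...'  into an always-true clause


def setup_db():
    """Constructed sample data: three customers with pending reset tokens."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, email TEXT, reset_token TEXT)")
    conn.executemany("INSERT INTO customer(email, reset_token) VALUES (?, ?)", [
        ("alice@example.com", "tok-alice"),
        ("bob@example.com", "tok-bob"),
        ("carol@example.com", "tok-carol"),
    ])
    return conn


def lookup_vulnerable(conn, email):
    """How the leaking form was written: user input spliced into the SQL text."""
    sql = "SELECT email, reset_token FROM customer WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """The driver sends the value separately; quotes in it cannot change the query."""
    return conn.execute(
        "SELECT email, reset_token FROM customer WHERE email = ?", (email,)
    ).fetchall()


def is_valid_email(value):
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None


def lookup_hardened(conn, email):
    """Validate for purpose first, then query with parameters (defence in depth)."""
    if not is_valid_email(email):
        raise ValueError("rejected: field accepts an e-mail address only")
    return lookup_parameterized(conn, email)


def safe_error_response(exc):
    """Keep the stack trace in the server log; give the user only a reference ID."""
    ref = uuid.uuid4().hex[:12]
    log.error("request failed ref=%s", ref, exc_info=exc)   # full details stay here
    return {"error": f"Something went wrong. Quote reference {ref} to support.", "ref": ref}


def demo():
    """Run all three lookups with the payload and return what each gives away."""
    conn = setup_db()
    results = {
        "vulnerable_rows": len(lookup_vulnerable(conn, PAYLOAD)),
        "parameterized_rows": len(lookup_parameterized(conn, PAYLOAD)),
    }
    try:
        lookup_hardened(conn, PAYLOAD)
        results["hardened"] = "accepted"
    except ValueError:
        results["hardened"] = "rejected"
    results["legit"] = lookup_hardened(conn, "alice@example.com")
    return results


if __name__ == "__main__":
    print(demo())
    print(safe_error_response(Exception("no such table: customer")))
```

The vulnerable query returns all three rows (three customers' reset tokens for the price of one request); the parameterized query returns none because the whole payload is compared as a literal e-mail address; the hardened version never reaches the database. The `safe_error_response` output is what the screen should show when the real error is `no such table: customer`; the table name goes to the log, not the user.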
Thanks, and stay tuned for more – Techuva Solutions Pvt Ltd.