June 7, 2010
On June 7, 2010, the Information-technology Promotion Agency, Japan (IPA), headed by chairman Koji Nishigaki, released the 4th edition of How to Secure Your Web Site, which aims to help web site developers and administrators implement appropriate security in their web sites.
How to Secure Your Web Site is a guideline that helps web site developers and administrators implement appropriate security in their web sites. It has been developed based on the vulnerability-related information reported to IPA and covers the most-reported and high-impact vulnerabilities.
Chapter 1 "Web Application Security Implementation" addresses 9 types of vulnerabilities, including SQL injection, OS command injection and cross-site scripting, and discusses the threats these vulnerabilities may pose and the characteristics of the web sites that might be most susceptible to them. It also provides fundamental solutions that aim to eliminate the vulnerability altogether and mitigation measures that aim to reduce the damage of attacks exploiting the vulnerability.
Chapter 2 "Approaches to Improve Web Site Security" addresses 6 topics, including web server security and anti-phishing measures, and discusses how to improve the security of web sites mainly from an operational perspective, such as the use of a WAF (Web Application Firewall).
Chapter 3 takes up 6 of the vulnerability types addressed in Chapter 1 and presents case studies with code examples, illustrating what may happen to vulnerable web sites, what is wrong with them and how to fix them.
The Japanese edition of How to Secure Your Web Site has been downloaded more than 1,800,000 times since the publication of the 1st edition in January 2006. IPA hopes it will help readers improve their web site security.
This document can be downloaded at:
IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)