Today we see more and more websites being compromised, therefore it is vital that you do some sort of Security Audit to see if your Website or Webserver is vulnerable to hackers. There are two routes you can take depending on your budget. (1) You can pay a professional firm to do the audit or (2) You can do a basic security check yourself using FREE tools that are readily available on the Internet.
These are some basic steps to take to ensure your website is secure.
- Make sure the code and scripts and CMS are up-to-date.
- Make sure your server software (Apache, Lightspeed, NGINX) and OS are kept up-to-date .
- Limit the admin area or backend of your website to certain IP Addresses and enable 2FA if possible.
- Delete abandoned user accounts.
- Run a Security scan or Audit.
Some great reading in regards to the security of your website can be found at Mozilla's (yes the Firefox guy's) Web Security Cheatsheet located here. https://infosec.mozilla.org/guidelines/web_security#web-security-cheat-sheet.
If you have a dynamic IP Address and your IP changes quite often, you can use a VPN Service such as Private Internet Access and obtain a Dedicated Static IP Address (optional) that does not change. This will ensure that only you have access to the admin area of your website.
Do a Port Scan of your Webserver
If you host your own web server you should be doing a port scan to find out which ports are open to the public. If you are on a shared hosting environment you should get permission from your host to make sure you are allowed to do so. This could be somebody like Go-daddy, Bluehost or some other provider.
- https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap
- https://hackertarget.com/nmap-online-port-scanner/
How to Perform a Security Audit of your Website
Following is a list of Websites you can use for free to perform a basic security check of your website and webserver. You should check your website with each one of these links to see if there are any areas you can improve in the security of your website or server. If you require any assistance is securing your environment, we at Clustered Networks would be happy to assist you. Our rates are listed below.
- https://securityheaders.com/
- https://sitecheck.sucuri.net/
- https://observatory.mozilla.org/
- https://pentest-tools.com/website-vulnerability-scanning/website-scanner
- https://www.dareboost.com/en
- https://www.immuniweb.com/websec/
- https://www.ssllabs.com/ssltest/
OWASP Top 10 2021 - Exploits in Websites
-
The OWASP Top Ten is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. It was started in 2003 to help organizations and developer with a starting point for secure development. Over the years it's grown into a pseudo standard that is used as a baseline for compliance, education, and vendor tools. More information can be found on their website at...
-
OWASP Top 10 Exploits - https://owasp.org/Top10/.
-
OWASP Cheatsheet Site - https://cheatsheetseries.owasp.org/
Summary
Performing a Security Audit of your website or webserver will not only give you some peace of mind, but will also prevent hackers from probing your website to see if there are any further vulnerablities. Once they determine that you are taking the necessary precautions to enhance security they will probably move on to easier targets they can exploit.
Clustered Networks
Located in Edmonton, AB Canada, Clustered Networks was Incorporated in 2001 and has offered Network / Internet and IT Consulting services for over 20 years. We offer personalized service! Call Us Today! - Click Here for our Contact Info
#securityaudit #webserver #security
