Confidentiality
- TLS
- Keys and Certs
- HTTPS
Least Privilege:
- Only allow users to access the resources they need
- Prevent exposing unnecessary information about the server/application itself
File System Protection:
- Set appropriate permissions on web content, scripts and configuration files
- Prevent "file inclusion" vulnerabilities
Data Store Protection:
- Prevent unauthorized
Integrity
- Hash/Checksum/Message Digest
- Protect resources by requiring authentication
- Protect authentication credentials using secure technologies
Ensuring data doesn't change:
- Preventing man-in-the-middle attacks
Prevent File System Changes:
- Monitor the file system for unauthorized changes
- Read-only permissions on web content whenever possible
Server-side script protections:
- Prevent script execution when not needed
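The "Hash/Checksum/Message Digest", "Monitor file-system for unauthorized changes" and "Set appropriate permission on web content, scripts and configuration files" items above describe the same control from two sides: record what the web root is supposed to look like, then detect drift. The block below is an added example, not code from the original notes; it is a minimal file-integrity monitor that builds a baseline of SHA-256 digests and permission modes for a web root, flags files whose mode carries group/other write or setuid/setgid bits, and reports files added, removed or modified since the baseline. The directory layout, file names and the tampering scenario in `demo()` are constructed for the example.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

# Mode bits that should never be set on static content, scripts or config:
# group/other write, and setuid/setgid. (Policy chosen for this example.)
FORBIDDEN_BITS = stat.S_IWGRP | stat.S_IWOTH | stat.S_ISUID | stat.S_ISGID


def sha256_file(path):
    """Message digest of a file, read in chunks so large files don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> {"sha256", "mode"} for every regular file under root.
    Symlinks are skipped so a link pointing outside the web root is not hashed."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            mode = stat.S_IMODE(p.stat().st_mode)
            baseline[str(p.relative_to(root))] = {"sha256": sha256_file(p), "mode": mode}
    return baseline


def save_baseline(baseline, path):
    """Persist the baseline; in practice store it somewhere the web server cannot write."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def check_permissions(baseline):
    """Paths whose mode has any forbidden bit set (world/group-writable, setuid, setgid)."""
    return sorted(rel for rel, meta in baseline.items() if meta["mode"] & FORBIDDEN_BITS)


def compare(baseline, current):
    """Added/removed/modified files; a permission change alone counts as modified."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        rel for rel in set(baseline) & set(current)
        if baseline[rel]["sha256"] != current[rel]["sha256"]
        or baseline[rel]["mode"] != current[rel]["mode"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a small web root, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "conf").mkdir()
        (root / "index.html").write_bytes(b"<h1>hello</h1>")
        (root / "conf" / "app.conf").write_text("debug=false\n")
        os.chmod(root / "index.html", 0o644)          # read-only for the web server user
        os.chmod(root / "conf" / "app.conf", 0o640)   # config not world-readable

        baseline = build_baseline(root)
        save_baseline(baseline, root / "baseline.json")
        baseline = load_baseline(root / "baseline.json")
        # The baseline file itself now sits in the root; remove it from the comparison.
        baseline.pop("baseline.json", None)

        # Simulated unauthorized changes: content edit, new file, loosened config mode.
        (root / "index.html").write_bytes(b"<h1>hello</h1><!-- injected -->")
        (root / "unexpected.php").write_bytes(b"<?php /* constructed */ ?>")
        os.chmod(root / "conf" / "app.conf", 0o666)

        current = build_baseline(root)
        current.pop("baseline.json", None)
        return {
            "baseline_perm_findings": check_permissions(baseline),
            "current_perm_findings": check_permissions(current),
            "diff": compare(baseline, current),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run once to create the baseline after a known-good deployment and again on a schedule; any entry in `added`, `removed` or `modified`, or any permission finding, is an alert to investigate. Storing the baseline outside the web root (and outside the web server's write access) keeps an attacker who can write to the web root from rewriting the baseline too.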
Other
- SELinux OS protection tools
- Security modules for the web server (mod_security for Apache)
- Denial of service protection
- Web Application Firewall