NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
GUIDELINES ON SECURING PUBLIC WEB SERVERS

Completed | Action
--------- | ------
          | No directories have both write and execute permissions
          | All executable files are placed in a dedicated folder
          | SSIs are disabled or the execute function is disabled
          | All user input is validated
          | Web content generation code should be scanned or audited
          | Dynamically created pages do not create dangerous metacharacters
          | Character set encoding should be explicitly set in each page
          | User data should be scanned to ensure it contains only expected input (e.g., a-z, A-Z, 0-9); care should be taken with special characters or HTML tags
          | Cookies should be examined for any special characters
          | Encryption mechanism is used to encrypt passwords entered through script forms
          | For Web applications that are restricted by username and password, none of the Web pages in the application should be accessible without executing the appropriate login process
          | All sample scripts are removed
          | No third-party scripts or executable code are used without verifying the source code
6-20
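The three input-handling items in the checklist (user data restricted to expected characters, cookies examined for special characters, and an explicit character set on every page) can be enforced with a small allow-list validator. The following is an added example written for this page; it is not code from NIST SP 800-44 and the function names, the cookie-header parser (which assumes simple name=value pairs) and the sample form and cookie values are all constructed for illustration.

```python
"""Allow-list validation of form fields and cookie values, plus an explicit
charset declaration. Added example; not part of NIST SP 800-44."""
import re
from typing import Dict, List

# Allow-list from the checklist: letters and digits only. Rejecting anything
# else is safer than trying to strip "dangerous" characters from bad input.
ALNUM = re.compile(r"^[A-Za-z0-9]+$")

# Cookie values (assumption: opaque tokens) may also contain '_', '-' and '.'.
# Anything outside this set counts as a special character and is flagged.
COOKIE_OK = re.compile(r"^[A-Za-z0-9_.\-]+$")


def is_expected(value: str, max_len: int = 64) -> bool:
    """True only if value is non-empty, within the length bound and purely alphanumeric."""
    return 0 < len(value) <= max_len and ALNUM.fullmatch(value) is not None


def validate_fields(fields: Dict[str, str]) -> List[str]:
    """Return the names of form fields whose values fail the allow-list."""
    return [name for name, value in fields.items() if not is_expected(value)]


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Minimal parser for a Cookie: request header (assumes 'name=value; name=value')."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue  # ignore malformed fragments rather than guessing at them
        name, _, value = part.partition("=")
        cookies[name.strip()] = value.strip()
    return cookies


def suspicious_cookies(header: str) -> List[str]:
    """Return cookie names whose value contains characters outside the allow-list.
    Percent-encoded payloads are caught too, because '%' is not in the list."""
    cookies = parse_cookie_header(header)
    return [name for name, value in cookies.items() if not COOKIE_OK.fullmatch(value)]


def content_type_header(charset: str = "utf-8") -> str:
    """Content-Type value with an explicit charset, so the browser never sniffs the encoding."""
    return f"text/html; charset={charset}"


# Constructed sample input: one clean field, one field carrying HTML tags,
# and a cookie header with one clean and two suspicious values.
SAMPLE_FORM = {"username": "alice42", "comment": "<script>alert(1)</script>"}
SAMPLE_COOKIE = "session=abc123DEF; theme=dark'; track=x%3Cb%3E"

if __name__ == "__main__":
    print("rejected fields:", validate_fields(SAMPLE_FORM))
    print("suspicious cookies:", suspicious_cookies(SAMPLE_COOKIE))
    print("Content-Type:", content_type_header())
```

Run against the constructed samples, the validator rejects the `comment` field and flags the `theme` and `track` cookies while accepting the session token. The design point is that the allow-list is the check; a deny-list of known-bad characters would have missed the percent-encoded tag in `track`.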