HKCERT
Security Guideline

Guideline of Web Application Security Preventive Measures

Release Date: 09 / 07 / 2013
Last Update: 07 / 08 / 2018

Web application developers should take the following preventive measures to protect their web applications.

10 Security Preventive Measures

  1. Follow the HKCERT website for the latest updates
  2. Ensure users use strong passwords and provide two-factor authentication
  3. Use a web application firewall
  4. Restrict access to and protect the web admin login page
  5. Change all default application passwords and remove all unused third-party application libraries
  6. Validate user-supplied inputs in web applications
  7. Separate the web servers and database servers
  8. Implement SSL / TLS in web applications
  9. Perform static code scanning during development, and perform penetration testing and vulnerability scanning regularly
  10. Continuously monitor application traffic and perform log analysis

For more information: https://www.hkcert.org/my_url/en/guideline/18061501