Summary

This chapter has demonstrated some of the techniques you can use to maintain a safe environment for your Web server. All of these techniques relate to Web servers or Web programming in some way. Remember that these techniques are in addition to the techniques you use at the desktop and the LAN. The most important bit of information you can take with you from this chapter is that the hype surrounding Web security is just that. You can create a secure environment, but it requires preparation, maintenance, and vigilance.

Now that you have some new tips and techniques for maintaining Web server security at your fingertips, it’s time to put them into action. One of the first things I do when I start a new consulting job is create a threat summary. It’s a good practice to create and maintain a threat summary that reflects your risks. Make sure you include internal risks. Some of those users who look stupid really aren’t—they’re trying to ruin your day by damaging your network in some way.

Chapter 10 discusses an area of special importance for Web developers—your data. Yes, data is important to everyone, but Web applications can use data in ways that increase security risks. In many cases, the data source was designed for a LAN environment and doesn’t have the added security needed for a Web environment. For example, many Database Management Systems (DBMSs) provide adequate security, but they aren’t secure because the Database Administrator (DBA) is used to a LAN environment where the risks are fewer. Discover what you can do to reduce your data risks in Chapter 10.