Security Standards For Websites
By Liam Debevec & Johan Franco-Campos

General Tips



  • Strong Passwords
    • Necessary for both users and businesses
    • Password Rotation
  • Update Software!
    • Out of Band Updates (OOB)
  • Require two-factor verification for users
    • Can stop data leaks caused by users

HTTP VS. HTTPS

  • HTTP (Hypertext Transfer Protocol) is what allows the browser to load the webpage from the server. It is a core element of the internet. (port 80)
  • HTTPS is a more secure version of HTTP that adds SSL (TLS). SSL (Secure Sockets Layer) is an encryption protocol. (port 443)
    • SSL encrypts communication between the website and the browser, stopping hackers from getting access to information being transmitted back and forth over the internet.

Website Security Tools

  • Web Application Firewall
    • Protects from SQL Injection
    • Monitors, filters and blocks traffic
  • Scanners
    • Scans web tools and services for malware.
    • Can also detect vulnerabilities like outdated software.
  • Security Headers
    • Make it harder to expose client-side vulnerabilities
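
Added example (not from the original slides): a small Python check that audits a response for the HTTPS and security-header points above. The header set, the 180-day HSTS threshold and the `example.test` sample responses are assumptions made for illustration; the slides do not name specific headers.

```python
from urllib.parse import urlsplit

# Assumed header set: the slides do not name specific headers.
EXPECTED = ("strict-transport-security", "content-security-policy",
            "x-content-type-options", "x-frame-options")
MIN_HSTS_AGE = 15552000  # 180 days, an assumed policy threshold

def parse_head(raw):
    """Return (status code, {lower-cased header name: value}) from a raw response."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def hsts_max_age(value):
    """Extract max-age from a Strict-Transport-Security value, or 0 if absent/invalid."""
    for part in value.split(";"):
        key, _, num = part.strip().partition("=")
        if key.lower() == "max-age" and num.strip('"').isdigit():
            return int(num.strip('"'))
    return 0

def audit(url, raw):
    """List findings for one response fetched from url."""
    status, headers = parse_head(raw)
    if urlsplit(url).scheme != "https":
        # Port 80 traffic is acceptable only if it immediately redirects to HTTPS.
        redirected = status in (301, 302, 307, 308) and \
            headers.get("location", "").lower().startswith("https://")
        return [] if redirected else ["plain HTTP without redirect to HTTPS"]
    findings = [f"missing {h}" for h in EXPECTED if h not in headers]
    if "strict-transport-security" in headers and \
            hsts_max_age(headers["strict-transport-security"]) < MIN_HSTS_AGE:
        findings.append("HSTS max-age too short")
    if headers.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options is not nosniff")
    return findings

# Constructed sample responses (not captured from a real site).
PLAIN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n\r\n"
WEAK = ("HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n"
        "X-Content-Type-Options: nosniff\r\n\r\n")
GOOD = ("HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
        "Content-Security-Policy: default-src 'self'\r\n"
        "X-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\n\r\n")
```

Calling `audit(url, raw)` on each sample returns an empty list for a compliant response and one finding per gap otherwise.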

Social Engineering

  • Phishing
    • Fake websites or emails that trick you into revealing compromising information.

Best Practices

  • Protections in place like firewalls
  • Encryption of sensitive data
  • Using multifactor authentication or biometrics
  • Making sure access control is in order
  • Use tools that are secure