Hi there, nice article - just a few thoughts:
While it sounds like it might help, changing the ports that your web application runs on doesn't add that much security-wise (it's the idea of "security through obscurity"). In fact, I'd go so far as to say that changing the ports to something non-standard for web applications could cause more problems than it helps, as a lot of services and software just assume 80 and 443 are the ports to use.
The "Disable Remote Code Execution" section is a bit confusing (it looks like maybe formatting got messed up somewhere), but you seem to be misusing the term "remote code execution" (RCE). RCE is a security vulnerability where the attacker can use functionality in your software to run their own code on your system. You can't "disable" this as it's not really a feature. There also seems to be some overlap between this section and the ideas in the "Check Third Party Libraries Before Use" section.
In "Don't Run Admin Tools on Production Servers" you mention SQL injection vulnerabilities but connect it to the attacker having the database credentials. SQL injection is when a security flaw in the software (web application) is used to execute user-defined SQL, not via direct database access.
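To make the SQL injection point concrete, here is an added example (not from the original article or the comment above) showing that the flaw lives in how the web application builds its query, and that the attacker never needs the database credentials: the application runs the injected statement with its own, legitimate connection. The in-memory SQLite database, the `users` table, the login functions and the payload are all constructed for illustration.

```python
"""Added example: SQL injection as an application flaw, not a credential leak.
The database, table, login functions and payload below are constructed for
the demo and are not from the article or the comment."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: one user; the password column stands in for
    # whatever the application would really store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Untrusted input is spliced into the SQL text, so the attacker's input
    # becomes part of the statement the application executes using its own
    # (legitimate) database connection.
    query = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    (count,) = conn.execute(query).fetchone()
    return count > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: values travel separately from the statement, so the
    # quote characters in the payload are just bytes inside a string value.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    (count,) = conn.execute(query, (username, password)).fetchone()
    return count > 0


def demo() -> dict:
    # Runs both versions against a legitimate login and a tautology payload.
    conn = make_db()
    payload = "' OR '1'='1"  # constructed classic bypass payload
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct-horse"),
        "bypass_vulnerable": login_vulnerable(conn, "alice", payload),
        "legit_safe": login_safe(conn, "alice", "correct-horse"),
        "bypass_safe": login_safe(conn, "alice", payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the vulnerable version the payload turns the WHERE clause into `... AND password = '' OR '1'='1'`, which is always true, so the login succeeds without a valid password; the parameterised version treats the same input as an ordinary (wrong) password and rejects it.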