This article is published with the permission of Sophos Plc.

This document describes common methods of attacking web servers, as well as various methods of protecting web servers and the sites they host.

Author: Chris Mitchell, SophosLabs Australia

Translation: Artem Konev


  1. Introduction

  2. Basic security principles

    1. Internet Information Services (IIS)

    2. Apache HTTP Server

    3. PHP and MySQL

    4. Active Server Pages (ASP)

    5. Security

  3. External web hosting

    1. Shared hosting

    2. Virtual dedicated hosting

    3. Dedicated hosting

  4. Secure design

    1. Cookies

    2. Authentication

    3. Components, libraries and add-ons

    4. Log files

  5. Ensuring code security

    1. SQL injection

    2. XSS (cross site scripting)

  6. How easy is it?

  7. Further reading