This page lists the ACSC’s publications on the protection of services that can be accessed via the World Wide Web.
Implementing Certificates, TLS, HTTPS and Opportunistic TLS
Protecting Web Applications and Users
This document provides advice for web developers and security professionals on how they can protect their existing web applications by implementing low cost and effective security controls which do not require changes to a web application’s code. These security controls when applied to new web applications in development, whether in the application’s code or server configuration, form part of the defence-in-depth strategy.