This page lists publications on the hardening of services that can be accessed via the World Wide Web.
Implementing Certificates, TLS, HTTPS and Opportunistic TLS
Transport Layer Security (TLS) is a widely used encryption protocol which enables parties to communicate securely over the internet. Through the use of certificates and Public Key Infrastructure (PKI), parties can identify each other through a trusted intermediary and establish encrypted tunnels for the secure transfer of information.
Protecting Web Applications and Users
This publication provides advice for web developers and security professionals on how they can protect their existing web applications by implementing low-cost and effective controls which do not require changes to a web application’s code. These controls, when applied to new web applications in development, whether in the application’s code or server configuration, form part of the defence-in-depth strategy.
Quick Wins for Your Website
Small businesses account for over 95% of all businesses in Australia and 72% of them have a website. However, in a world in which websites are increasingly being targeted by cyber criminals, only 36% check for updates every week. For those small businesses with a website, or that are considering one, these three quick wins will help you protect your money, data and reputation.
Securing Content Management Systems
This publication outlines strategies for identifying and minimising the potential risk to web servers using Content Management Systems (CMS). The intended audience is individuals responsible for developing and securing websites or web applications using CMS.