How to check website security?

K

Konstantin2021-09-27 10:46:42

Information Security

Konstantin, 2021-09-27 10:46:42

We are developing a site with an exchange from 1C.
The question is how to check the security of the site for hacking or data leakage?

At the moment, I approached this issue in the following way.
All services are divided into containers, user authorization is not on the cms side, the exchange is closed by double authorization with filtering by ip address, passwords for users from 8 characters of different case and special characters, filtering input data on forms, data typing in the exchange using ORM to work in the database .
Additionally, the code is scanned by SonarQube and at the beta stage, scanning will be carried out through OwaspZap.

What additional can be used to minimize the possibility of data merging?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

A

Alexey Ukolov, 2021-09-27
@SatanaKonst

Order a comprehensive security audit.

U

Uncle Seryozha, 2021-10-02
@Protos

Install WAF, there are also free ones

K

Konstantin, 2021-10-08
@webmaster

https://qna.habr.com/q/933705#answer_1870361

R

Ruslan, 2021-11-06
@msHack

There are a lot of vulnerability scanners