Security Best Practice: Host Naming & URL Conventions

Contributed by Gunter Ollmann

A consideration often neglected by many organisations when rolling out new servers or developing web-based applications that will be accessible by Internet clients and customers is that of host and URL naming conventions. There are a number of simple steps that can be taken to strengthen the security of an environment or application making it more resilient to several popular attack vectors. By understanding how an attacker can abuse poorly thought out naming conventions, and by instigating a few minor changes, it is possible to positively increase the defence-in-depth stature of an environment.

This document is in PDF format. To view it click here.

Rate this article: 
No votes yet