1) | Protect your customer's entire website visit by deploying SSL on all your web pages. |
2) | Build customer trust with the green browser bar by using SSLcCertificates with extended validation to secure public facing web servers and display recognised trust marks in highly visible locations on your website. | 3) | Watch for attempted connections to known malicious or suspicious hosts from your servers. | 4) | Implement physical security to protect your assets from theft. | 5) | Use separate test signing and release signing infrastructures. |
| 
|
|
6) | Be sure to get your digital certificates from an established, trustworthy Certificate Authority who demonstrates excellent security practices. |
7) | 
| Defend you website - malware infection, cyber-attacks & threat propagation. Scan you website daily for malware infection. Ensure any file transfer to or from your web site are scanned prior to the file being stored or processed.
Undertake regular vulnerability assessments and periodic penetrating testing of web servers and web applications to detect exploitable conditions. Use encryption to store and transfer sensitive data processed to and from web site. |
|
8) | Lock down key system resource to prevent inadvertent or malicious changes to resist Website defacement and confidential data loss. Consider solutions that provide File Integrity Monitoring (FIM), system hardening and host intrusion detection. |
9) | Plan and protect for distributed denial of service (DDoS) attacks, such as volumetric, application and state exhaustion. |
10) | Monitor your infrastructure for network intrusions, propagation attempts and other suspicious traffic patterns. |
