Redirects to legacy blog post.
All the following offerings that I’ve evaluated target different scenarios. I’ve listed the pros and cons for each of them and where I think they fit into a potential solution to monitor your web applications (I’m leaning toward NodeJS) and make sure they keep running.
At OWASP meetup, Christchurch, due to popular demand this presentation is being run again. Drawing from Kim's recent blog post "[Journey to Self Hosting](https://binarymist.wordpress.com/2014/11/29/journey-to-self-hosting/)" and many more resources for some high-level ideas about cloud solutions. Kim will discuss what's good and what's not good about "the Cloud".
In this 5 – 7 minute talk, Kim demonstrates (hands on) how easy it can be to compromise passwords using a collection of techniques. Kim discusses how most developers are failing at keeping their end users safe.
Redirects to legacy blog post.
The best time to install a HIDS is on a fresh install before you open the host up to the internet or even your LAN if it’s corporate. Of course if you don’t have that luxury, there are a bunch of tools that can help you determine if you’re already owned. Be sure to run one or more over your target system before your HIDS bench-marks it.
At CampJS, Melbourne, Australia: Join Kim in the exploration into an insightful set of steps he has learned, from an architectural perspective down to the zeros and ones. Also providing insights of how attackers of your systems think.
Saturn Architect Conference, Baltimore, MD, USA: Drawing from Kim's recent blog post "[Journey to Self Hosting](https://binarymist.wordpress.com/2014/11/29/journey-to-self-hosting/)" and many more resources for some high-level ideas about cloud solutions. Kim will discuss what's good and what's not good about "the Cloud".
Redirects to legacy blog post.
As part of the ongoing work around preparing a Debian web server to host applications accessible from the WWW I performed some research, analysis, made decisions along the way and implemented a first stage logging strategy. I’ve done similar set-ups many times before, but thought it worth sharing my experience for all to learn something from it and/or provide input, recommendations, corrections to the process so we all get to improve.
Redirects to legacy blog post.
There are quite a few other posts on this topic, but my set-up hasn’t been exactly the same as any I found, so I found myself using quite a few resources to achieve exactly what I wanted.
Redirects to legacy blog post. These are the steps I took to set-up and harden a Debian web server before being placed into a DMZ and undergoing additional hardening before opening the port from the WWW to it. Most of the steps below are fairly simple to do, and in doing so, remove a good portion of the low hanging fruit for nasty entities wanting to gain a foot-hold on your server-network.