Reputation: 33
General website technical security
When you have the following protections
- XSS protection
- SQL injection protection
- CSRF protection
- Session on serverside (database)
- Anti spam Captcha (+- effective)
What are the technical threats remaining, that I am not aware of, to be considered?
Also, how to help against attacks on the MAX specs of the machines (HDD spaces, max bandwith, max processor power, etc))
I understand that I can only limit one client's repetitive behaviours, but if that client is controling other clients then the threat scale horizontally and my protection is completly useless. Any way to deal with this?
Upvotes: 1
Views: 74
Answers (1)
Reputation: 67019
It looks like you have address less than half of the OWASP TOP 10. Most importantly Insecure Direct Object Reference and insufficient transport layer protection because these are very commonly used by attackers. Also don't forget about Clickjacking.
Upvotes: 2