Help Wanted!

If you are reading this you are the SitePoint member we’re looking for.

The SitePoint forums are currently working on improving the sticky threads. Much work has already been done towards this goal within the “Program Your Site” team. And we are acutely aware of some of their problems. But so far what has been done has been limited to the ideas of team members. So here’s how you can help:

Do you find the stickies in this forum helpful?
Do you consider any of the content erroneous or out-of-date?
Does the content lack any information that you think would be helpful?
Could they be organized better?

In other words, we want your opinions and suggestions so we can improve the “Program Your Site ~ Web Security” sticky threads.

We can’t guarantee that all suggestions will be followed, but I personally guarantee that all will be seriously considered.

So don’t be shy, please reply.

Many Thanks from the SitePoint Programming Team

I like the stickies. They do help and are normal for any forum. However, if anything stickied is out of date it can then be unstickied right?

I’m glad you like them. Hopefully you’ll like the “new and improved” ones even better.
Yes, unstickying is one of the possible ways we will deal with the old ones once the new ones are finished.

The stickies are good, but i have to say i miss more stuff about problem solving after you’ve discovered a security issue.

Most people starts to dig into security when they suddenly discovers a security leak / problem. These people needs to start diagnosing what could cause the security issue and how to fix it, - as their system is already up running.
This is very important.

So i would like to see more checkpoints about this. It would benefit both the forums, and it’s members hugely. But no fluff, - only quality content of course.

I would also like to see some (good) articles about these topics, as it would (in my opinion) only provide positive benefits to the whole community :wink:

Crazybanana, so you’d like to see more of intrusion/extrusion detection for beginners and code/configuration analysis & forensics for beginners?

I like to see some more info / checklist and suggestions on what to do after you discover a security issue…

people come here for help when they have a problem, and if there were some good info/suggestions/checklists/guides on how to deal with certain types of problems it would be great.

not too much tech, as it would soon be boring and useless. but quality content. things that’s helpfull to people and not just techie fluff

I noticed there’s a lot of information about how to code/secure/optimize this and that, but very little information about a less fun part of handling security - which is monitoring/maintaining the web platform’s health and overall activity. Currently I’m trying to find out what exactly is what I found in my web server’s access log but beyond this specific thing I feel the need of a general guide to web server security. Of course, with some examples.

The sticky I’d like to see here would answer most of the following questions:

1. What makes a secure/vulnerable web server?
General security guidelines and platform-specific information would be great.

2. How can an administrator use log monitoring in detecting and anticipating intrusions?
Explaining the log structure and referencing log analysis software would help a lot.

3. Which tools are best to use in a web app/server in order to complement the regular logs of the web server?

4. What are the (best) ways to monitor a web server’s capacity?

5. What are the most common practices in avoiding web server congestion?

6. Which are the best techniques/tools to protect the web server/app against flood/(D)DOS/etc?