How do I make my application secure?
I have worked for many years in a bank. There were 300+ servers providing internet services. Security was a top priority as you can imagine.

Every incoming or outgoing communication was carefully inspected and needed authorization.

One day the Shark began to send distress signals. The Shark has nothing to do with the fish. It’s the codename of the IBM ESS, Enterprise Storage Server, which is a SAN system offering, in our installation, 600 GB of storage over fibre optics.

The Shark was getting broken and sending diagnostic messages to Montpellier, France where IBM has a centralised remote support for SAN systems.

The problem was that those messages weren’t reaching their destination because the authorization to send them hadn’t been given yet.

The bank’s data-centre was a goldmine of security solutions: firewalls, intrusion detectors, anti-virus scanners, passwords changing every minute, permission policies, and cryptography to protect credit card numbers.

Wifi was forbidden because it didn’t satisfy the high security levels required by the bank even if protected by security protocols like WPA and WPA2.

More recently, I have been using Drupal’s security solutions and applying security patches to the operating system. I prefer Linux to Windows for servers because it’s much safer.

When I connect to a server I never use FTP, only SFTP, and SSH instead of Telnet.