One of or server is is exposed on internet. My boss has asked me to implement security .
A web based financial application is running on server which is implementing an SSL and form based authentication.Please suggest me how are the other ways to protect server as well as application.
posted 5 years ago
Security isn't something you can add after the fact, it's something that needs to be designed in from the start. If you developed the complete app without regard for security -except for what you mentioned- then you'll likely have some refactoring to do. The SecurityFaq lists a lot of the issues that needs to be addressed especially for web apps, including XSS and SQL injection.