New to the list are security misconfiguration and unvalidated redirects and forwards, both of which are prevalent today. Web redirects typically steer users to other pages and sites; when the data for the destination pages isn’t properly validated, attackers can redirect users to phishing or malware sites.
Sword & Shield’s Director of Risk & Compliance Dave Shackleford explains how to configure the authorization and manager permissions on Microsoft’s IIS 7 Web server in an article for Search Security’s Tech Target.
Microsoft’s IIS 7 Web server is a capable piece of software with numerous features for developers and administrators alike. As with any server, IIS is often brought online without careful consideration of the security needed for authentication, site details and numerous other aspects of these systems. This can happen any time a new application is developed or purchased, new Web-based services need to be offered, or applications or Web-based products are being tested. By carefully configuring IIS 7 before deployment, specifically the delegation of administration, organizations stand to improve security significantly. Let’s explore IIS authorization and access control options that can be configured to help improve the security of your IIS 7 implementation.