Computer Security Technology Ltd

+44 (0)20 7621 7836 LinkedInTwitter

+44 (0)20 7621 7836 CSTL LinkedInCSTL Twitter

July 7, 2014

Keep your website safe

Cyber breaches continue to make the news on a weekly basis but UK businesses rely more and more on their websites for e-commerce and customer interaction. So it has never been more relevant to ensure these are trusted, safe and operational.

The following 10 steps form the cornerstone of what is required to establish a secure website and e-commerce strategy. A more detailed guide is also available, which expands upon each recommendation in turn. Please click at the foot of this page to download our 'CST Best Practice Guide to Website Security.'


Protect your customer's entire website visit by deploying SSL on all your web pages.


Build customer trust with the green browser bar by using SSLcCertificates with extended validation to secure public facing web servers and display recognised trust marks in highly visible locations on your website.


Watch for attempted connections to known malicious or suspicious hosts from your servers.


Implement physical security to protect your assets from theft.


Use separate test signing and release signing infrastructures.


Be sure to get your digital certificates from an established, trustworthy Certificate Authority who demonstrates excellent security practices.


Defend you website - malware infection, cyber-attacks & threat propagation. Scan you website daily for malware infection. Ensure any file transfer to or from your web site are scanned prior to the file being stored or processed.

Undertake regular vulnerability assessments and periodic penetrating testing of web servers and web applications to detect exploitable conditions. Use encryption to store and transfer sensitive data processed to and from web site.


Lock down key system resource to prevent inadvertent or malicious changes to resist Website defacement and confidential data loss. Consider solutions that provide File Integrity Monitoring (FIM), system hardening and host intrusion detection.


Plan and protect for distributed denial of service (DDoS) attacks, such as volumetric, application and state exhaustion.


Monitor your infrastructure for network intrusions, propagation attempts and other suspicious traffic patterns.

Download the full CST Best Practice Guide to Website Security