How to Improve Your Web Security

There are plenty of web security controls that can be implemented to prevent the risks created by web access.

Below is a list of activities that will help improve an organization’s web security.

Web Filtering

Web filtering, while being a subset of web security, is in itself quite broad and there are various controls one can put in place to secure an environment, including:

Keyword filtering

Despite being basic and not very effective, keyword-based filtering can serve as a first line of defence. The downside is that it can cause a large number of false positives and false negatives.

Image Credit: Salvatore Vuono

Category Filtering

More effective and efficient than keyword filtering, category filtering allows you to decide the type of sites that are allowed or blocked.

Reputation Filtering

While most web categorization companies cover a large number of sites, it is important to remember that new sites are being created all the time, some of which may be pretty obscure. These new and obscure sites might not be categorized when an employee visits them, so you need an extra layer of security to cater for such cases. Beyond simple obscurity, belonging to a certain category does not make a site safe, and this is where reputation comes into play. Category-based filtering adds good value to your web security measures, but combining it with reputation makes it much more effective.


There are a number of benefits when you monitor different aspects of your network and system, such as:


In all cases of monitoring you are ultimately looking for anomalies, so monitoring bandwidth can provide security benefits. For example, if you see a bandwidth usage spike during the weekend, when no outgoing traffic is expected, it is a clear indication of malware running on your network.
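The weekend check described above can be written as a per-host baseline comparison. This is an added example, not part of the original post; the host names, byte counts, factor and floor are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

def is_weekend(ts: str) -> bool:
    return datetime.fromisoformat(ts).weekday() >= 5   # 5 = Saturday, 6 = Sunday

def weekend_spikes(history, current, factor=10, floor=50_000_000):
    """Flag weekend hours whose outbound bytes far exceed the host's own
    weekend baseline. Records are (iso_timestamp, host, bytes_out)."""
    base = defaultdict(list)
    for ts, host, out in history:
        if is_weekend(ts):
            base[host].append(out)
    alerts = []
    for ts, host, out in current:
        if not is_weekend(ts):
            continue
        typical = median(base[host]) if base[host] else 0
        # The floor keeps hosts with tiny or missing baselines from alerting
        # on trivial traffic; the factor scales with what is normal per host.
        if out > max(floor, factor * typical):
            alerts.append((ts, host, out, typical))
    return alerts

# Constructed hourly samples: (timestamp, host, outbound bytes).
HISTORY = [
    ("2024-06-01T03:00", "ws-042", 2_000_000),
    ("2024-06-01T04:00", "ws-042", 1_500_000),
    ("2024-06-02T03:00", "ws-042", 3_000_000),
    ("2024-06-01T02:00", "backup-01", 400_000_000),
    ("2024-06-02T02:00", "backup-01", 420_000_000),
    ("2024-06-01T03:00", "backup-01", 380_000_000),
]
CURRENT = [
    ("2024-06-05T14:00", "ws-042", 2_000_000_000),   # Wednesday: not a weekend hour
    ("2024-06-08T02:00", "backup-01", 450_000_000),  # usual weekend backup volume
    ("2024-06-08T03:00", "ws-042", 900_000_000),     # idle workstation, large upload
    ("2024-06-08T04:00", "new-host", 60_000_000),    # no history, above the floor
]

for alert in weekend_spikes(HISTORY, CURRENT):
    print("investigate:", alert)
```

Comparing each host against its own weekend history keeps a scheduled backup from alerting while still surfacing the workstation and the host with no baseline.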

Policy adherence

While having employees occasionally attempt to access prohibited sites is expected, if this happens frequently it’s important to look into the reasons why. It could be a sign that policies are too restrictive; however, it could also mean that an employee is trying to access prohibited content such as copyrighted material or hacking tools.

File Transfer Control

There are many controls that one could use to ensure that files being transferred in and out of the organization are safe. Some of these methods include:

Blocking file types and File Identification

Denying certain files, such as documents and spreadsheets, from leaving the company can help maintain confidentiality. Likewise, denying executables can protect against malware. For this to work, your web security solution needs to be able to identify the real file type of any file. If the check is based simply on the file extension, circumventing it is simple, which renders the policy ineffective.
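A sketch of content-based file identification for a transfer policy follows. It is an added example, not code from the original post or from any product; the signature list is a small subset, and the policy sets, file names and sample bytes are constructed assumptions.

```python
import io
import zipfile

# Leading-byte signatures (well-known magic numbers) mapped to a type label.
MAGIC = [
    (b"MZ", "exe"),                                 # Windows PE executable
    (b"\x7fELF", "elf"),                            # Linux ELF executable
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),   # legacy .doc / .xls container
    (b"PK\x03\x04", "zip"),                         # ZIP, also .docx / .xlsx
]
# Type each extension is expected to contain (assumed policy table).
EXT_TYPE = {"exe": "exe", "pdf": "pdf", "doc": "ole", "xls": "ole",
            "docx": "docx", "xlsx": "xlsx", "zip": "zip"}

def identify(data: bytes) -> str:
    """Return the type implied by the content, ignoring the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return refine_zip(data) if kind == "zip" else kind
    return "unknown"

def refine_zip(data: bytes) -> str:
    """Office Open XML files are ZIP archives; tell them apart by member names."""
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "zip"            # truncated or malformed archive
    if any(n.startswith("word/") for n in names):
        return "docx"
    if any(n.startswith("xl/") for n in names):
        return "xlsx"
    return "zip"

def check_transfer(filename: str, data: bytes, blocked: set) -> tuple:
    """Decide on content first; flag files whose extension disagrees with it."""
    real = identify(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if real in blocked:
        return real, "block"
    if real == "unknown" or EXT_TYPE.get(ext) != real:
        return real, "review"
    return real, "allow"

def make_docx() -> bytes:
    """Constructed sample: a minimal archive with a word/ member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()

INBOUND_BLOCK = {"exe", "elf"}             # deny executables coming in
OUTBOUND_BLOCK = {"ole", "docx", "xlsx"}   # deny documents going out
print(check_transfer("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60, INBOUND_BLOCK))
print(check_transfer("holiday.zip", make_docx(), OUTBOUND_BLOCK))
```

Both sample files would pass an extension-only check; the content check blocks them and sends any other extension mismatch to review.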

Checking files for viruses

Whenever a file is downloaded it is important that it is checked for viruses before allowing the employee to access the file.

Any good web security solution will provide most, if not all, of the functionality required to implement each one of the suggestions above, substantially boosting an organization’s level of web security.


About the Author: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on what to include in your web security strategy.

All product and company names herein may be trademarks of their respective owners.



  1. ProjectX says:

    Well these are only the basics and might not totally improve your website security. The best way to secure a website is by familiarizing all the codes that your website is coded. For example you have a website that is coded with PHP, always make sure that you are using array_map and mysql_real_escape_string in order to prevent SQL Injection. Next is by securing the admin panel and putting .htaccess in order to restrict other IP’s that will visit the website. Adding a Web Application Firewall may be of help although it can be bypassed but at least you have one. And because most web servers today use Linux then the best way is to scan your server with a rootkit scanner since Linux is invulnerable to viruses but only rootkits like PHP backdoors.

  2. SSL Certificates says:

    Great post, but the SSL point is missing. I think SSL Certificates are more effective to secure e-commerce websites because they give a 128-bit to 256-bit encryption data solution.

  3. Claire says:

    Great post, I don’t think the author intended it to be a complete lockdown guide but some useful tips that people who are not that into web security (or even that interested in it!) could apply to their sites (like me!).


  4. Anna says:

    I think that your tips are of great use for everyone who uses a computer (that means literally everyone). And what would you recommend for the iPhone or HTC security?

  5. Thanks for sharing this. A great article a big help for me, keep up the great work.

    Take Care

  6. Hacker says:

    Thanks for this security tips. Also test your website for Top Vulnerabilities.

  7. Eugene says:

    Great tips. Web security is very important as there’re a lot of hackers who’ll break your PC just for fun and you’ll get a lot of troubles.

  8. ITWorksSoftware says:

    To prevent employees from accessing prohibited sites, we’ve found OpenDNS to be invaluable. It’s free to use and offers logging and site filtering at the router level. I even use it on my home network. Keeps me from accidentally visiting malware or phishing sites.

  9. Christa Joe says:

    Web monitoring is quite a nice idea to monitor but I believe it would only be suitable for tech savvy’s but how can a normal person facilitate a safe browsing and web security session?

  10. Chris from hope scholarship says:

    There are also techniques that can be used by website owners. These would include firewalls on the site host; login controls (too many attempts equals lock out); notification of uploads; using chmod to ensure that files are read only.
