加强node.js / nginx
[英]Hardening node.js/nginx
问题描述
For PCI requierements I need to hardening a node.js app or nginx server but I only found guides for IIS, Tomcat, operative systems, etc. here you will find the available guides . 
对于PCI需求,我需要强化node.js应用程序或nginx服务器,但我只找到了IIS,Tomcat,操作系统等的指南 , 在这里你会找到可用的指南 。 My questions are: 我的问题是:
- It's possible to hardening node.js? 可以强化node.js吗?
- It's possible to hardening a nginx server? 是否可以强化nginx服务器?
- Is there any official documentation or trustworthy out there? 那里有官方文件还是值得信赖的?
1 个解决方案
解决方案1
0 2017-06-19 08:28:48
For example dev-sec provides nginx hardening roles for puppet, ansible etc... 例如, dev-sec为puppet,ansible等提供nginx强化角色......
To harden a nodejs server the same principles should apply as hardening tomcat. 要强化nodejs服务器,应该将相同的原则应用为强化tomcat。 PCI-DSS lists a couple of things you need to do: PCI-DSS列出了您需要做的几件事:
- Disable all unnecessary services. 禁用所有不必要的服务
- Leave only the necessary ports open. 只保留必要的端口。 etc. 等等
First make sure you develop your application according to best practises from a security point of view. 首先,请确保从安全的角度根据最佳实践开发应用程序。 For instance, SSL/TLS, CSRF, Error handling, use SNYK or similar, as described here . 例如,SSL / TLS,CSRF,错误处理,使用SNYK或相似,如所描述这里 。
Talk to your QSA about the requirements. 与您的QSA讨论要求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.