Our company and at least one other 4D developer have recently been hit with our customers doing a security scan of our 4D based web applications.
In this particular case, they are using a service from "Qualys" that throws everything, including the kitchen sink, at our web application. In a lot of these cases, they are running these scans internally, inside of their own network and behind their main firewall (i.e. protection from mean, rotten, nasty, disgruntled employees that are doing bad things on their network). 4D Web Server is not designed to handle many of the reported issues, such as DDoS attacks, "Slow HTTP Headers", etc.

The cyber security teams at our customer sites are quite adamant that "we" need to handle all of this stuff. In most cases, saying "No, we don't handle that, you need to handle it" falls on some pretty deaf ears. These cyber security teams live and breathe for the explicit life purpose of finding security holes, no matter how obscure and unlikely. The basic unquestioned attitude is "We find it, you fix it"... period.

So, the "answer" is to put a firewall of some sort in front of our web application, i.e. likely on the same machine as our web server application. We don't have the staff resources to invest the time it might take to get up to speed on all of these security issues and implement a solution using, e.g., NGINX, Apache, or other.

So, we are looking for someone who is quite proficient at setting up a solution using the above (preferably NGINX?, if this will do the trick) to handle whatever a scan from Qualys can throw at it. If you are that person, or know someone who is, please contact me off-line.

Much appreciated.

Randy Engle, Director
XC2 Software LLC – XC2LIVE!

**********************************************************************
4D Internet Users Group (4D iNUG)
FAQ: http://lists.4d.com/faqnug.html
Archive: http://lists.4d.com/archives.html
Options: http://lists.4d.com/mailman/options/4d_tech
Unsub: mailto:[email protected]
**********************************************************************

