The following are countermeasures that can be used to prevent web server and web application attacks and remediate such vulnerabilities:
- Apply the latest (stable) patches and updates to the operating system and web applications.
- Disable any unnecessary services and protocols on web servers.
- Use secure protocols that support data encryption wherever possible (for example HTTPS instead of HTTP, SFTP or SCP instead of FTP, and SSH instead of Telnet).
- If an insecure protocol cannot be removed, implement compensating security controls so that it cannot be exploited.
- Disable WebDAV if it's not being used by a web application.
- Remove all unused modules and applications.
- Disable all unused default accounts.
- Change default passwords.
- Implement security policies to prevent brute-force attacks, such as an account lockout policy that locks an account after a set number of failed login attempts.
- Disable the serving of directory listings.
- Monitor and check logs for any suspicious activity.
- Implement digital certificates from trusted Certificate Authorities (CAs) and ensure that they are kept up to date and renewed before they expire.
- Ensure that input validation and sanitization are implemented and tested regularly.
- Implement a Web Application Firewall (WAF).
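The lockout item in the list above is the one that needs real logic rather than a configuration switch. The following is an added example, not code from the original page: a small account lockout policy with a sliding failure window and a timed lockout. The thresholds (3 failures within 60 seconds, 120-second lockout), the `FakeClock`, and the `verify` callback standing in for a real credential store are all assumptions chosen for illustration. Note that while an account is locked the supplied password is not checked at all, so the lockout cannot be used as a password oracle, and an unknown account receives the same "denied" answer as a wrong password.

```python
"""Account lockout policy for a login endpoint (added example; thresholds are hypothetical)."""
import time
from collections import deque
from typing import Callable, Deque, Dict, List


class FakeClock:
    """Injectable clock so the policy can be exercised without sleeping."""

    def __init__(self, start: float = 0.0) -> None:
        self.t = start

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


class LockoutPolicy:
    """Lock an account after max_failures failed logins within window_seconds."""

    def __init__(self, max_failures: int = 5, window_seconds: float = 300.0,
                 lockout_seconds: float = 900.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures: Dict[str, Deque[float]] = {}   # account -> failure timestamps
        self._locked_until: Dict[str, float] = {}      # account -> lockout expiry

    def is_locked(self, account: str) -> bool:
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout expired: clear it together with the stale failure history.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def _recent_failures(self, account: str) -> Deque[float]:
        """Drop failures older than the sliding window and return the remainder."""
        q = self._failures.setdefault(account, deque())
        cutoff = self.clock() - self.window_seconds
        while q and q[0] < cutoff:
            q.popleft()
        return q

    def record_failure(self, account: str) -> bool:
        """Record a failed login; return True if the account is now locked."""
        if self.is_locked(account):
            return True
        q = self._recent_failures(account)
        q.append(self.clock())
        if len(q) >= self.max_failures:
            self._locked_until[account] = self.clock() + self.lockout_seconds
            return True
        return False

    def record_success(self, account: str) -> None:
        """A successful login resets the failure counter."""
        self._failures.pop(account, None)


def attempt_login(policy: LockoutPolicy, verify: Callable[[str, str], bool],
                  account: str, password: str) -> str:
    """Return 'locked', 'ok' or 'denied'. The password is never checked while locked."""
    if policy.is_locked(account):
        return "locked"
    if verify(account, password):
        policy.record_success(account)
        return "ok"
    policy.record_failure(account)
    return "denied"


def demo() -> List[str]:
    """Walk one account through failures, lockout, expiry and recovery."""
    clock = FakeClock()
    policy = LockoutPolicy(max_failures=3, window_seconds=60, lockout_seconds=120, clock=clock)
    # Constructed stand-in for a credential store; a real one would compare password hashes.
    verify = lambda acct, pw: (acct, pw) == ("alice", "correct horse")

    results = []
    results.append(attempt_login(policy, verify, "alice", "wrong1"))          # denied
    clock.advance(10)
    results.append(attempt_login(policy, verify, "alice", "wrong2"))          # denied
    clock.advance(10)
    results.append(attempt_login(policy, verify, "alice", "wrong3"))          # denied, third failure locks
    results.append(attempt_login(policy, verify, "alice", "correct horse"))   # locked, not even checked
    clock.advance(121)
    results.append(attempt_login(policy, verify, "alice", "correct horse"))   # ok, lockout expired
    results.append(attempt_login(policy, verify, "bob", "anything"))          # denied, same as bad password
    return results


if __name__ == "__main__":
    print(demo())
```

In production the failure counters would live in a shared store (for example a database or cache) rather than in process memory, and the same counting should be applied per source IP as well as per account, since an attacker spraying one password across many accounts never trips a per-account threshold.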
These items are only a summary of the preventative measures an IT professional can adopt; additional research will always be required, since new and more sophisticated threats and attacks are developed every day.