

Ask HN: Pen-tested image/container/snapshot for cloud ssd server - bikamonki

Does any cloud hosting service offer a one-click install of instances with the required stack (i.e. LAMP) that is also pen-tested (i.e. has been set up with best-practice/common security guidelines)? I am a dev but have no clue when it comes to infra security, so these one-click installs should already be secured against common threats, no?
======
grajaganDev
Ideally, such an install should include updated and patched versions of all
apps in the stack. However, many security holes are introduced by the code
being run on the stack - for example, writing a web app that is vulnerable to
SQL injection or cross site scripting (XSS). Since this code is written or
added post download, it's not possible to pentest it pre-download. So it is
still up to the dev to sanitize user input, use parameterized queries, not run
the database as root, etc.

So for apps requiring a high degree of security, a pre-release pentest is a
good idea.

Please see: [https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for more.

