This paper will demonstrate how through the implementation of a well thought-out hosting name and URL referencing convention can provide a sizable contribution to an organisations defence-in-depth posture.
Host and URL naming conventions are an issue that is often overlooked by organisations when they are developing web applications, but poorly thought out naming conventions can be exploited by an attacker. This paper will show how by applying some simple changes to the host naming conditions you can make an attacker’s job considerably more difficult.