A web shell is a malicious script that masquerades as a legitimate file and provides a backdoor into your server. Because they mimic proper files on your system, its often difficult to determine that an attack has occurred. NSA guidance from the US National Security Agency and the Australian Signals Directorate offers techniques to detect and prevent web shell malware from affecting web servers. Use a zero-trust model, which focuses on the following concepts: identity provider keeps track of users, device directory maintains a list of devices that have access to corporate resources.”]