Security of websites!

NewGenMarketing · October 12, 2010, 6:32pm

hi all!
i am looking for some good tips to implement the security of website. How can one protect personal information online?

rguy84 · October 12, 2010, 6:37pm

Do you mean of people’s names, e-mail adresses, numbers, etc? or credit card info?

NewGenMarketing · October 15, 2010, 4:17pm

Thanks a lot for the suggestion. I am reading

NewGenMarketing · October 13, 2010, 4:17pm

anything on my website, like how can i protect my websites from hacker to make sure that no one misuse data available on website. what is the main loopholes from which a website can be used illegally.

Aleksejs · October 13, 2010, 6:02pm

If we take formal approach - then first you have to create, implement and maintain security policy for your website.
This is very broad subject you are talking about. I suggest you read through “resources on web application security” that is pinned in this subforum and decide what exactly you have in mind.

jewin · November 2, 2010, 2:45am

Why not scan your site for vulnerabilities with something like http://www.hostingarmor.com/? There’s a free scanner available. After that, it would just be up to you to alert your host of any vulnerabilities found; but at least you would have a comprehensive and up to date list.

WeWatch · November 3, 2010, 3:36pm

have been at outdated software. Mostly software like phpMyAdmin, osCommerce and software like that.

We see the log files for thousands of websites and hackers are constantly scanning for vulnerable versions of website software.

You have to keep your software updated and you have to follow the security guidelines for all software.

Of course, hackers are still getting in through stolen FTP passwords as well.

system · November 4, 2010, 6:00am

Website security is most likely today’s most under-rated aspect of securing the application and database. Hackers are concentrating all their efforts on web-based applications - forms, login pages, shopping carts etc., Any security at network level will provide no protection against web application attacks since they are launched on port 80. checks your web applications for SQL Injection, XSS & other web vulnerabilities and assists you in securing your web applications. This, message will be helpful for you. Keep safe against hackers.

Srator · November 4, 2010, 9:16am

good habbits of surffing,update yr sys and the Security software:lol:

idealtech · November 18, 2010, 2:48am

some of the security terms to be considered.
for example - should not allow any special characters in input box, if allowed <?, then it has big security hole.

ceejay77 · December 9, 2010, 10:14pm

I have been told about free virus protection AVG and Avira I have been using now for months and have had no problem at all,worth checking out.

Spartinman · December 20, 2010, 3:31pm

what about setting file permissions for security on your server? Should everyone be using a certain permissions for files in the main directory of your server on a website?

Aleksejs · December 21, 2010, 11:15am

Permissions are just one of means how to increase/decfrease security.
Relatively safe and straightforward policy: give as low permission levels as possible. That applies not only to file system permissions, but also to DB access permissions and access to other services/applications.

For example:
The web-application should not be able to modify itself. It means that the user with whom web application is running should have only read (or execute, depending on type of system) permission to files, but not write/modify. It means, that you should have separate accounts for application management tasks (i.e. uploading/modifying application files) and for running application itself.

samdonna · January 7, 2011, 6:19am

Hi!
You should also update your PHP as often as possible- that’s because there are constant updates and patch releases of PHP to keep it secure. With the latest secure versions your site will be protected from any possible bugs from the earlier versions.

system · February 23, 2011, 7:17am

• Keep Your Versions Updated
• Beef Up Your Passwords
• Lock Down Your File Permissions
• Mind Your Links
• Use FTPS For Transfers
• Use SSL To Send Emails
• Make Sure Your Web Host Runs suPHP
• Speaking of Hosts
• Look Beyond Shared Hosting
• Be Savvy

DmitryS · February 25, 2011, 2:52am

never put sensative information in cookies specially cookies that are not encrypted.
avoid putting sensative information in sessions.
in secure site areas use ssl signature.

byronhbrown · March 9, 2011, 3:46pm

Here are some few ways to strengthen your site’s security:

Run every input through PHP’s addslashes method
Remove Flash and JavaScript from Input
Secure your password

itscolumn · May 31, 2011, 3:34pm

If you are looking to secure your users’ credential, do you want to have secure database? If not, you need to watch out for those sql injection, xss, csrf, good session management to protect your user’s credential

SPMuthu · June 14, 2011, 8:13am

Some web host has some features to guard our website. So, you can add those security features and it takes some extra charge.

Spartinman · June 14, 2011, 9:17pm

heh… check out what the lulzsec hackers are doing with sites now. Makes you think twice about your sites security. But then again, I think they are finding whoever may be vulnerable to begin with.