Hi all!
I am looking for some good tips to implement the security of a website. How can one protect personal information online?

Anything on my website, like how can I protect my websites from hackers to make sure that no one misuses data available on the website? What are the main loopholes through which a website can be used illegally?




If we take a formal approach, then first you have to create, implement and maintain a security policy for your website.
This is a very broad subject you are talking about. I suggest you read through "resources on web application security" that is pinned in this subforum and decide what exactly you have in mind.

Thanks a lot for the suggestion. I am reading.
Why not scan your site for vulnerabilities with something like http://www.hostingarmor.com/? There's a free scanner available. After that, it would just be up to you to alert your host of any vulnerabilities found; but at least you would have a comprehensive and up to date list.
have been at outdated software. Mostly software like phpMyAdmin, osCommerce and software like that.
We see the log files for thousands of websites and hackers are constantly scanning for vulnerable versions of website software.
You have to keep your software updated and you have to follow the security guidelines for all software.
Of course, hackers are still getting in through stolen FTP passwords as well.
Website security is most likely today's most under-rated aspect of securing the application and database. Hackers are concentrating all their efforts on web-based applications - forms, login pages, shopping carts etc. Any security at network level will provide no protection against web application attacks since they are launched on port 80. checks your web applications for SQL Injection, XSS & other web vulnerabilities and assists you in securing your web applications. This message will be helpful for you. Keep safe against hackers.
Some of the security terms to be considered.
For example: special characters should not be allowed in an input box; if <? is allowed, then it has a big security hole.
I have been told about free virus protection AVG and Avira. I have been using them now for months and have had no problem at all, worth checking out.

What about setting file permissions for security on your server? Should everyone be using certain permissions for files in the main directory of your server on a website?




Permissions are just one of the means to increase/decrease security.
A relatively safe and straightforward policy: give as low permission levels as possible. That applies not only to file system permissions, but also to DB access permissions and access to other services/applications.
For example:
The web application should not be able to modify itself. It means that the user account the web application runs as should have only read (or execute, depending on the type of system) permission to files, but not write/modify. It means that you should have separate accounts for application management tasks (i.e. uploading/modifying application files) and for running the application itself.
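
One way to check the "application should not be able to modify itself" rule from the post above, as an added example that is not part of the original thread. It assumes a POSIX file system; the sample tree and its file names are constructed for the demonstration.

```php
<?php
// Added example (not from the thread): list what the current account could modify.
// Run it as the account the web application runs under.
function auditWritable(string $root): array
{
    $findings = [];
    $tree = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST   // visit directories as well as files
    );
    foreach ($tree as $path => $info) {
        $mode = $info->getPerms() & 0777;       // keep only the rwx bits
        $reasons = [];
        if ($info->isWritable()) {
            $reasons[] = 'writable by this account';
        }
        if ($mode & 0002) {
            $reasons[] = 'world-writable';
        }
        if ($reasons) {
            $findings[$path] = sprintf('%04o  %s', $mode, implode(', ', $reasons));
        }
    }
    ksort($findings);
    return $findings;
}

// Constructed sample tree standing in for a document root (hypothetical names).
$root = sys_get_temp_dir() . '/docroot_' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0755, true);
file_put_contents("$root/index.php", '<?php echo "hello";');
file_put_contents("$root/config.php", '<?php // settings');
chmod("$root/index.php", 0444);   // read-only: what the post recommends
chmod("$root/config.php", 0666);  // any local account can rewrite this code
chmod("$root/uploads", 0777);     // any local account can drop files here

foreach (auditWritable($root) as $path => $why) {
    echo substr($path, strlen($root) + 1), "  ", $why, PHP_EOL;
}

// Clean up the sample tree.
chmod("$root/index.php", 0644);
unlink("$root/index.php");
unlink("$root/config.php");
rmdir("$root/uploads");
rmdir($root);
```

Run as root, every entry reports as writable, so the result is only meaningful when the script runs as the web application's own account.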
Hi!
You should also update your PHP as often as possible - that's because there are constant updates and patch releases of PHP to keep it secure. With the latest secure versions your site will be protected from any possible bugs from the earlier versions.
• Keep Your Versions Updated
• Beef Up Your Passwords
• Lock Down Your File Permissions
• Mind Your Links
• Use FTPS For Transfers
• Use SSL To Send Emails
• Make Sure Your Web Host Runs suPHP
• Speaking of Hosts
• Look Beyond Shared Hosting
• Be Savvy
Here are a few ways to strengthen your site's security:
1. Run every input through PHP's addslashes method
2. Remove Flash and JavaScript from Input
3. Secure your password
If you are looking to secure your users' credentials, do you want to have a secure database? If not, you need to watch out for SQL injection, XSS and CSRF, and have good session management to protect your users' credentials.
Last edited by Mittineague; May 31, 2011 at 13:12. Reason: removing unnecessary link - newbie free-pass
PHP's addslashes does nothing to increase a website's security. In fact, people's reliance on addslashes leads them to create websites that are less secure. It doesn't take into account character sets, so it can be hacked to inject SQL using multi-byte character sets.
The correct way to escape would be to use the database specific escape functions provided by PHP such as mysql_real_escape_string, mysqli_real_escape_string, or use PDO parametrized queries.
phpSiteMinder - website backup and file integrity monitoring.
Been hacked? phpSiteScanner can help you clean your site up.
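
The difference between addslashes and a PDO parametrized query, as an added example that is not part of the original post. It uses an in-memory SQLite database so it runs offline (assumes the pdo_sqlite extension), which shows the "database specific" half of the point rather than the multi-byte MySQL case; the table, rows and input are constructed.

```php
<?php
// Added example (not from the thread): constructed table and input.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Constructed hostile value for a "name" search field.
$input = "nobody' OR 1=1 --";

// Weak: addslashes() plus string concatenation. addslashes() writes \' but
// SQLite does not treat the backslash as an escape, so the quote still
// closes the string literal and the rest of the input is parsed as SQL.
function findByNameAddslashes(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '" . addslashes($name) . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the value is bound as a parameter and never becomes SQL text.
function findByNamePrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

printf("addslashes, hostile input: %d row(s)\n", count(findByNameAddslashes($pdo, $input)));
printf("prepared,   hostile input: %d row(s)\n", count(findByNamePrepared($pdo, $input)));
printf("prepared,   normal lookup: %s\n", implode(',', findByNamePrepared($pdo, 'alice')));

// With MySQL, also set the connection character set in the DSN
// (for example charset=utf8mb4) and turn off emulated prepares
// (PDO::ATTR_EMULATE_PREPARES => false) so the server does the binding.
```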
Some web hosts have some features to guard our website. So, you can add those security features for some extra charge.

Heh... check out what the lulzsec hackers are doing with sites now. Makes you think twice about your site's security. But then again, I think they are finding whoever may be vulnerable to begin with.
If you are into reading and in a DIY state of mind I would start here:
Introduction - owasp-development-guide - OWASP Development Guide - Google Project Hosting
OWASP is a large community for web application security.
As you can see from the guide, there is a lot to consider.
As other people mentioned, it is not a bad practice to scan your web site (assuming you know how to fix the issues).
If your web site is commercial, you might want to consider products or services that can help you protect your site.
If your web site is non-commercial, like a blog or forum, there are a couple of free services that can help you secure your web site.
If you are seeking a product/service I can recommend some.