  1. #1
    SitePoint Zealot
    Join Date
    Jun 2010
    Location
    CA
    Posts
    157

    security of websites!

    Hi all!
    I am looking for some good tips to implement the security of a website. How can one protect personal information online?

  2. #2
    SitePoint Wizard rguy84's Avatar
    Join Date
    Sep 2005
    Location
    Durham, NC
    Posts
    1,659
    Do you mean people's names, e-mail addresses, numbers, etc.? Or credit card info?
    Ryan B | My Blog | Twitter

  3. #3
    SitePoint Zealot
    Join Date
    Jun 2010
    Location
    CA
    Posts
    157
    Anything on my website, like how can I protect my websites from hackers to make sure that no one misuses data available on the website. What are the main loopholes through which a website can be used illegally?

  4. #4
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    If we take a formal approach, then first you have to create, implement and maintain a security policy for your website.
    This is a very broad subject you are talking about. I suggest you read through "resources on web application security" that is pinned in this subforum and decide what exactly you have in mind.

  5. #5
    SitePoint Zealot
    Join Date
    Jun 2010
    Location
    CA
    Posts
    157
    Thanks a lot for the suggestion. I am reading

  6. #6
    SitePoint Member jewin's Avatar
    Join Date
    Sep 2010
    Location
    Maryland
    Posts
    11
    Why not scan your site for vulnerabilities with something like http://www.hostingarmor.com/? There's a free scanner available. After that, it would just be up to you to alert your host of any vulnerabilities found; but at least you would have a comprehensive and up to date list.

  7. #7
    SitePoint Enthusiast
    Join Date
    May 2010
    Posts
    25
    have been at outdated software. Mostly software like phpMyAdmin, osCommerce and software like that.

    We see the log files for thousands of websites and hackers are constantly scanning for vulnerable versions of website software.

    You have to keep your software updated and you have to follow the security guidelines for all software.

    Of course, hackers are still getting in through stolen FTP passwords as well.

  8. #8
    Non-Member Jeff Collision's Avatar
    Join Date
    Oct 2010
    Posts
    225
    Website security is most likely today's most under-rated aspect of securing the application and database. Hackers are concentrating all their efforts on web-based applications - forms, login pages, shopping carts etc. Any security at network level will provide no protection against web application attacks since they are launched on port 80. checks your web applications for SQL Injection, XSS & other web vulnerabilities and assists you in securing your web applications. This message will be helpful for you. Keep safe against hackers.

  9. #9
    SitePoint Member Srator's Avatar
    Join Date
    Nov 2010
    Location
    China
    Posts
    6
    Quote Originally Posted by Jeff Collision View Post
    Website security is most likely today's most under-rated aspect of securing the application and database. Hackers are concentrating all their efforts on web-based applications - forms, login pages, shopping carts etc. Any security at network level will provide no protection against web application attacks since they are launched on port 80. checks your web applications for SQL Injection, XSS & other web vulnerabilities and assists you in securing your web applications. This message will be helpful for you. Keep safe against hackers.
    Good habits of surfing, update your system and the security software.

  10. #10
    SitePoint Member idealtech's Avatar
    Join Date
    Nov 2010
    Posts
    8
    Some of the security terms to be considered.
    For example, you should not allow any special characters in an input box; if <? is allowed, then it has a big security hole.

  11. #11
    SitePoint Member
    Join Date
    Apr 2009
    Posts
    5
    I have been told about the free virus protection AVG and Avira. I have been using them now for months and have had no problem at all; worth checking out.

  12. #12
    SitePoint Zealot Spartinman's Avatar
    Join Date
    Nov 2009
    Location
    Florida USA
    Posts
    197
    What about setting file permissions for security on your server? Should everyone be using certain permissions for files in the main directory of your server on a website?

  13. #13
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    Permissions are just one of the means to increase/decrease security.
    A relatively safe and straightforward policy: give as low permission levels as possible. That applies not only to file system permissions, but also to DB access permissions and access to other services/applications.

    For example:
    The web application should not be able to modify itself. It means that the user under which the web application is running should have only read (or execute, depending on the type of system) permission to files, but not write/modify. It means that you should have separate accounts for application management tasks (i.e. uploading/modifying application files) and for running the application itself.
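
One way to check the policy described in the post above, as an added example that is not part of the original thread: a PHP audit that lists every file or directory the runtime account could modify. It assumes a POSIX system; the sample docroot and the "runtime" uid/gid (deploy id plus one) are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Report every entry under $root that the runtime account could modify.
// Directories count too: write access to one allows replacing files in it.
function writableByApp(string $root, int $appUid, int $appGid): array
{
    $findings = [];
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($walker as $path => $info) {
        $mode = $info->getPerms() & 0777;
        $why = [];
        if ($info->getOwner() === $appUid && ($mode & 0200)) {
            $why[] = 'owned by the runtime account and owner-writable';
        }
        if ($info->getGroup() === $appGid && ($mode & 0020)) {
            $why[] = 'group-writable by the runtime group';
        }
        if ($mode & 0002) {
            $why[] = 'world-writable';
        }
        if ($why) {
            $findings[$path] = sprintf('%04o: %s', $mode, implode('; ', $why));
        }
    }
    return $findings;
}

// Constructed sample docroot (not from the thread), owned by whoever runs this.
$root = sys_get_temp_dir() . '/docroot-' . bin2hex(random_bytes(4));
mkdir($root . '/uploads', 0755, true);
file_put_contents($root . '/index.php', "<?php echo 'ok';\n");
file_put_contents($root . '/config.php', "<?php // settings\n");
chmod($root . '/index.php', 0644);   // writable by the owning (deploy) account only
chmod($root . '/config.php', 0666);  // writable by every account on the host
chmod($root . '/uploads', 0755);

$deployUid = fileowner($root);
$deployGid = filegroup($root);

// Scenario A: the application runs under a separate account (hypothetical ids).
print_r(writableByApp($root, $deployUid + 1, $deployGid + 1));
// Scenario B: the application runs under the same account that deploys the code.
print_r(writableByApp($root, $deployUid, $deployGid));
```

Comparing the two reports shows what separating the management account from the runtime account removes from the application's reach, and what a permissive mode leaves exposed regardless.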

  14. #14
    SitePoint Enthusiast
    Join Date
    Nov 2010
    Posts
    40
    Hi!
    You should also update your PHP as often as possible - that's because there are constant updates and patch releases of PHP to keep it secure. With the latest secure versions your site will be protected from any possible bugs from the earlier versions.

  15. #15
    Non-Member
    Join Date
    Mar 2010
    Posts
    46
    Keep Your Versions Updated
    Beef Up Your Passwords
    Lock Down Your File Permissions
    Mind Your Links
    Use FTPS For Transfers
    Use SSL To Send Emails
    Make Sure Your Web Host Runs suPHP
    Speaking of Hosts
    Look Beyond Shared Hosting
    Be Savvy

  16. #16
    SitePoint Enthusiast DmitryS's Avatar
    Join Date
    Feb 2011
    Posts
    51
    Quote Originally Posted by NewGenMarketing View Post
    Hi all!
    I am looking for some good tips to implement the security of a website. How can one protect personal information online?
    Never put sensitive information in cookies, especially cookies that are not encrypted.
    Avoid putting sensitive information in sessions.
    In secure site areas use ssl signature.

  17. #17
    SitePoint Enthusiast byronhbrown's Avatar
    Join Date
    Mar 2011
    Posts
    30
    Here are some few ways to strengthen your site's security:
    1. Run every input through PHP's addslashes method
    2. Remove Flash and JavaScript from Input
    3. Secure your password

  18. #18
    SitePoint Member itscolumn's Avatar
    Join Date
    May 2011
    Posts
    4
    If you are looking to secure your users' credentials, do you want to have a secure database? If not, you need to watch out for SQL injection, XSS, CSRF, and good session management to protect your users' credentials.
    Last edited by Mittineague; May 31, 2011 at 13:12. Reason: removing unnecessary link - newbie free-pass

  19. #19
    SitePoint Enthusiast
    Join Date
    May 2011
    Posts
    51
    Some web hosts have some features to guard our website. So, you can add those security features, and it takes some extra charge.

  20. #20
    SitePoint Zealot Spartinman's Avatar
    Join Date
    Nov 2009
    Location
    Florida USA
    Posts
    197
    Heh... check out what the lulzsec hackers are doing with sites now. Makes you think twice about your site's security. But then again, I think they are finding whoever may be vulnerable to begin with.

  21. #21
    SitePoint Enthusiast
    Join Date
    May 2011
    Posts
    35
    If you are into reading and in a DIY state of mind I would start here:
    Introduction - owasp-development-guide - OWASP Development Guide - Google Project Hosting
    OWASP is a large community for web application security.
    As you can see from the guide, there is a lot to consider.

    As other people mentioned, it is not a bad practice to scan your web site (assuming you know how to fix the issues).

    If your web site is commercial, you might want to consider products or services that can help you protect your site.
    If your web site is non-commercial, like a blog or forum, there are a couple of free services that can help you secure your web site.
    If you are seeking a product/service I can recommend some.

  22. #22
    SitePoint Enthusiast
    Join Date
    Nov 2009
    Posts
    37
    Quote Originally Posted by byronhbrown View Post
    Here are some few ways to strengthen your site's security:
    1. Run every input through PHP's addslashes method
    PHP's addslashes does nothing to increase a website's security. In fact, people's reliance on addslashes leads people to create websites that are less secure. It doesn't take into account character sets, so it can be hacked to inject SQL using multi-byte character sets.

    The correct way to escape would be to use the database specific escape functions provided by PHP such as mysql_real_escape_string, mysqli_real_escape_string, or use PDO parametrized queries.
    phpSiteMinder - website backup and file integrity monitoring.
    Been hacked? phpSiteScanner can help you clean your site up.
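
The difference between addslashes and PDO parametrized queries discussed in the last post, as an added example that is not part of the original thread. It uses in-memory SQLite so it runs offline, which means the mismatch shows up through the database's quoting rules rather than the multi-byte character sets the post mentions; the table, rows and function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (name) VALUES (?)');
foreach (['Alice', "O'Brien"] as $sampleName) {   // constructed sample rows
    $insert->execute([$sampleName]);
}

// Before: the SQL text is assembled from input. addslashes() knows nothing
// about the database it is feeding: SQLite escapes a quote by doubling it,
// so the backslash it inserts leaves the quote free to end the string early.
function findByNameAddslashes(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . addslashes($name) . "'";
    try {
        return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // The input changed the structure of the statement.
        return ['sql' => $sql, 'error' => $e->getMessage()];
    }
}

// After: the statement text is fixed and the value is bound as a parameter,
// so no escaping function has to agree with the database.
// Note for MySQL: PDO emulates prepares by default; set the charset in the
// DSN (charset=utf8mb4) and PDO::ATTR_EMULATE_PREPARES to false.
function findByNamePrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A legitimate name containing an apostrophe is enough to show the difference.
print_r(findByNameAddslashes($pdo, "O'Brien"));
print_r(findByNamePrepared($pdo, "O'Brien"));
```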

