How to improve Website Security?

  1. #1
    Junior Member
    Join Date
    Jul 2009
    Posts
    2

    How to improve Website Security?

    Hey,

    I am a newbie to most internet security issues, but I have a small startup website and I was wondering if there was a way to stop hackers? Is there a way to stop hacking techniques such as SQL injection, cross-site scripting, brute force attacks, functional and navigational abuse, HTTP response splitting?

    I am somewhat familiar with web application firewalls and vulnerability scans.

    Thanks

    -HS

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted by HelpSecure:
    > Is there a way to stop hacking techniques such as SQL injection, cross-site scripting, brute force attacks, functional and navigational abuse, HTTP response splitting?
    Two words: code auditing. Preferably done by someone experienced. Rule of thumb is to NEVER trust ANYTHING sent by a client (browser). Filter on the stuff you want/need and remove everything else.

    > I am somewhat familiar with web application firewalls and vulnerability scans.
    Firewalls won't help you as you need to punch a hole in it to allow traffic to your site. Vulnerability scans will only show you the most obvious failures.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Two words: Input Validation
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.
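
The "filter on what you want and remove everything else" advice from posts #2 and #3, applied to three of the attacks named in the question (SQL injection, cross-site scripting, HTTP response splitting). This is an added example, not code from any poster in the thread. Python, the `users` table and every function name are assumptions, since the thread does not say what the site runs on.

```python
import html
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")  # allow-list: what we want, nothing else
SAFE_PATH_RE = re.compile(r"/[A-Za-z0-9_\-/]*")  # local redirect targets only


def valid_username(raw):
    """Accept only values that fully match the allow-list pattern."""
    return isinstance(raw, str) and USERNAME_RE.fullmatch(raw) is not None


def find_user(db, raw_name):
    """Look up a user with a bound parameter; input never becomes SQL text."""
    if not valid_username(raw_name):
        return None
    return db.execute("SELECT name, bio FROM users WHERE name = ?", (raw_name,)).fetchone()


def render_bio(bio):
    """Encode stored text for an HTML context at output time."""
    return "<p>" + html.escape(bio, quote=True) + "</p>"


def redirect_header(raw_target):
    """Build a Location header only from a local path; CR/LF can never match."""
    if not isinstance(raw_target, str) or SAFE_PATH_RE.fullmatch(raw_target) is None:
        raw_target = "/"
    if raw_target.startswith("//"):  # protocol-relative URL, would leave the site
        raw_target = "/"
    return "Location: " + raw_target


def demo_db():
    """Constructed sample data for the example (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, bio TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "<script>alert(1)</script>"))
    return db


if __name__ == "__main__":
    db = demo_db()
    print(find_user(db, "alice"))
    print(find_user(db, "alice' OR '1'='1"))
    print(render_bio(find_user(db, "alice")[1]))
    print(redirect_header("/home\r\nSet-Cookie: x=1"))
```

Validation on the way in and encoding on the way out are separate steps: the stored bio is kept as submitted and only escaped when it is written into HTML.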

  4. #4
    Banned
    Join Date
    Jan 2008
    Posts
    605
    A waste of time, considering you can get rid of entire features in PHP. Then you can prevent XSS issues and people from brute forcing web forms with maybe a three to eight line function in your scripts.

  5. #5
    Super Moderator: GMT Zone nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    The first thing to do is make sure that you keep your software up to date and apply all security patches on a timely basis.

    You don't say, but if your site is hosted by a third party you need to be sure that they keep their hosting environment up to date as well. Plenty of big names have been embarrassed because their service provider let them down.

    As soon as a security patch is released, it is safe to assume that there will be people out there writing exploits for the vulnerability (if they don't already exist) and looking for the low-hanging fruit who were slow on the uptake.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
