-
July 20th, 2009, 06:57 PM
#1
Junior Member
How to improve Website Security?
Hey,
I am a newbie to most internet security issues but I have a small start up website and I was wondering if there was a way to stop hackers? Is there a way to stop hacking techniques such as Sql injection, cross-site scripting, brute force attacks, functional and navigational abuse, Http response splitting?
I am somewhat familiar with web application firewalls and vulnerability scans.
Thanks
-HS
-
July 20th, 2009, 07:17 PM
#2
Originally Posted by HelpSecure
Is there a way to stop hacking techniques such as Sql injection, cross-site scripting, brute force attacks, functional and navigational abuse, Http response splitting?
Two words: code auditing. Preferably done by someone experienced. Rule of thumb is to NEVER trust ANYTHING sent by a client (browser). Filter on the stuff you want/need and remove everything else.
I am somewhat familiar with web application firewalls and vulnerability scans.
Firewalls won't help you as you need to punch a hole in it to allow traffic to your site. Vulnerability scans will only show you the most obvious failures.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
July 20th, 2009, 08:05 PM
#3
Two words : Input Validation
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
July 21st, 2009, 01:34 AM
#4
A Waste of time considering you can get rid of entire features in php. Then you can prevent XSS issues and people from brute forcing web forms with maybe a three to eight line function in your scripts.
-
July 21st, 2009, 08:58 AM
#5
The first thing to do is make sure that you keep your software up to date and apply all security patches on a timely basis.
You don't say, but if your site is hosted by a third party you need to be sure that they keep their hosting environment up to date as well. Plenty of big names have been embarrassed because their service provider let them down.
As soon as a security patch is released it is safe to assume that there will be people out there writing exploits for the vulnerability (if they don't already exist) and looking for the low hanging fruit who were slow on the uptake.
Similar Threads
-
By AngelicKnight in forum Newbie Security Questions
Replies: 37
Last Post: June 28th, 2004, 01:29 PM
-
By tekno in forum Microsoft Security Discussions
Replies: 61
Last Post: October 15th, 2003, 07:51 AM
-
By MrLinus in forum The Security Tutorials Forum
Replies: 4
Last Post: October 11th, 2003, 03:22 AM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 5
Last Post: October 31st, 2002, 01:59 AM
-
By UberC0der in forum Security Archives
Replies: 0
Last Post: December 23rd, 2001, 12:13 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|