
As for security, follow all the normal guidelines as a start. You can find some penetration/vulnerability testing tools to check for things like XSS, SQL injection, etc.

 

Also you could post your site on the Beta Testing forum and let people test it.

We don't know what you know, so it's kind of hard to answer that.

There are XSRF attacks and form manipulation, which people don't often talk about.

 

You also need to be sure you understand handling user input, hashing passwords, stuff like that.
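The three things named in the post above (XSRF tokens, form manipulation, and password hashing) in one small, dependency-free Python example. This is an added illustration, not code from the thread or from any poster; the secret key, the catalog of prices, the session ids and the form dictionaries are all constructed for the example.

```python
"""Added example, not from the original thread: CSRF tokens bound to a
session, server-side re-validation of form fields the client can edit, and
salted password hashing. All names and sample values are constructed."""
import hashlib
import hmac
import os
import time
from typing import Dict, Optional

# Constructed: a per-process secret. A real site loads this from configuration
# so tokens survive restarts; here it only needs to live as long as the process.
SECRET_KEY = os.urandom(32)


# --- XSRF / CSRF tokens -------------------------------------------------------
def _sign(session_id: str, ts: str) -> str:
    return hmac.new(SECRET_KEY, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()


def make_csrf_token(session_id: str, now: Optional[int] = None) -> str:
    """Issue a token tied to this session and a timestamp; embed it in the form."""
    ts = str(int(time.time()) if now is None else now)
    return f"{ts}.{_sign(session_id, ts)}"


def verify_csrf_token(session_id: str, token: str, max_age: int = 3600,
                      now: Optional[int] = None) -> bool:
    """Accept only a token signed for *this* session that is not older than max_age."""
    try:
        ts, mac = token.split(".", 1)
        issued = int(ts)
    except ValueError:
        return False                      # malformed token
    current = int(time.time()) if now is None else now
    if issued > current or current - issued > max_age:
        return False                      # from the future, or expired
    return hmac.compare_digest(mac, _sign(session_id, ts))   # constant-time compare


# --- Form manipulation: hidden fields are still user input ---------------------
CATALOG = {"sku-100": 2500, "sku-200": 999}   # constructed: prices in cents


def price_order(form: Dict[str, str]) -> int:
    """Total the order from the server-side catalog. Any 'price' field the
    client submitted (hidden input or not) is ignored rather than trusted."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    try:
        qty = int(form.get("qty", "0"))
    except ValueError:
        raise ValueError("qty is not an integer")
    if not 1 <= qty <= 100:
        raise ValueError("qty out of range")
    return CATALOG[sku] * qty


# --- Password hashing ----------------------------------------------------------
PBKDF2_ITERATIONS = 600_000   # deliberately slow; tune to your hardware


def hash_password(password: str) -> str:
    """Random per-user salt + PBKDF2-HMAC-SHA256; store the whole string."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False                      # malformed stored hash
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    tok = make_csrf_token("sess-1")
    print("csrf ok:", verify_csrf_token("sess-1", tok))
    print("order total:", price_order({"sku": "sku-100", "qty": "2", "price": "1"}))
    stored = hash_password("correct horse")
    print("password ok:", verify_password("correct horse", stored))
```

The `price` field in the sample form is the kind of hidden input a tampered POST can rewrite; the server recomputes from its own catalog and never reads it. Both comparisons use `hmac.compare_digest` so a wrong token or password takes the same time to reject as a nearly-right one.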

 

Don't forget to back up your data before letting anyone test it/use it.

Security isn't something you add after you're done writing the code, it's part of the process of writing said code. That's the only way to ensure that the code is as secure as possible, without having to re-write and restructure large parts of it after the fact.

Testing that security is also something that should be done along the way, so you know about potential problems before they happen.

 

That said, running a full PenTest suite on the site before launching it can indeed be beneficial, as that's a nice way to find out whether or not the finished product is indeed secure. There are people that can help you with such a test, but it is generally not cheap to hire that amount of knowledge. How much depends upon how thorough you want them to be, how many people involved and the reputation of the team. Generally speaking, you don't want to be (too) cheap with the money here.

 

As for what I do before pushing a site to production, or uploading it, well... It's quite simple, just two steps actually:

  1. Turn off debugging mode.
  2. Change all configuration settings (e-mail addresses, SQL server details, etc.) from development settings to production.

Everything else (ensuring that the code is secure, testing, researching stuff) I do as a part of the development.
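The two pre-deployment steps above, turned into a check a deploy script can run before the site starts. This is an added example, not the poster's own script; the setting names, the list of development placeholder values and the sample configurations are constructed for the illustration and are not tied to any framework.

```python
"""Added example, not from the original thread: a preflight check that
refuses to deploy with debugging on or with development settings left in
place. Setting names and placeholder values are constructed for this example."""
from typing import Dict, List

# Constructed: development values that commonly leak into production.
DEVELOPMENT_DEFAULTS = {
    "ADMIN_EMAIL": "dev@localhost",
    "DB_HOST": "localhost",
    "DB_PASSWORD": "dev",
    "SECRET_KEY": "changeme",
}

REQUIRED_KEYS = ("DEBUG", "ADMIN_EMAIL", "DB_HOST", "DB_PASSWORD", "SECRET_KEY")
MIN_SECRET_LENGTH = 32


def preflight(settings: Dict[str, object], environment: str) -> List[str]:
    """Return the list of problems found; an empty list means safe to deploy.
    Only the production environment is enforced, so dev/staging stay flexible."""
    problems: List[str] = []
    if environment != "production":
        return problems

    for key in REQUIRED_KEYS:
        if key not in settings:
            problems.append(f"{key} is not set")

    # Step 1: debugging off. Compare against the boolean False on purpose:
    # the string "false" (a common env-var mistake) is truthy and must fail.
    if settings.get("DEBUG") is not False:
        problems.append("DEBUG must be False in production")

    # Step 2: every development value must have been replaced.
    for key, dev_value in DEVELOPMENT_DEFAULTS.items():
        if settings.get(key) == dev_value:
            problems.append(f"{key} still has its development value {dev_value!r}")

    secret = settings.get("SECRET_KEY")
    if isinstance(secret, str) and len(secret) < MIN_SECRET_LENGTH:
        problems.append(f"SECRET_KEY is shorter than {MIN_SECRET_LENGTH} characters")

    return problems


def deploy_allowed(settings: Dict[str, object], environment: str) -> bool:
    """True only when preflight() finds nothing wrong."""
    return not preflight(settings, environment)


# Constructed sample configurations.
DEV_SETTINGS = {
    "DEBUG": True,
    "ADMIN_EMAIL": "dev@localhost",
    "DB_HOST": "localhost",
    "DB_PASSWORD": "dev",
    "SECRET_KEY": "changeme",
}

PROD_SETTINGS = {
    "DEBUG": False,
    "ADMIN_EMAIL": "ops@example.com",
    "DB_HOST": "db.internal.example.com",
    "DB_PASSWORD": "example-only-not-a-real-password",
    "SECRET_KEY": "k" * 40,
}

if __name__ == "__main__":
    for name, cfg in (("dev", DEV_SETTINGS), ("prod", PROD_SETTINGS)):
        print(name, "->", preflight(cfg, "production") or "ok")
```

Run it from the deploy step with the environment name the host actually reports, and abort the deploy on a non-empty list; the point of the `is not False` comparison is that a `DEBUG="false"` string from an environment variable does not silently pass.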


It's a good idea to test on a staging server that mimics the production server as much as possible. Identical software versions, users/permissions, everything. That way if there is some small difference between the development server and the production server, you will catch it here rather than the live site.
