website security

[hamza]

i had made a website my client want 100%

website security in it.

plz guide me how i can test my website?

for all possible attacks

[Ken2k7]

I doubt you can make a website 100% secure. You chose the wrong client lol.

[darkfreaks]

http://www.symantec.com/connect/articles/securing-php-step-step

 

could use mod security if they have a dedicated server and have access. other than that there webhost would have to install it for you, so you could use it.

[hamza]

anyone else like to add

[mattal999]

Make sure you escape all possible inputs using mysql_real_escape_string() and you could even go https (Look up SSL) if you wanted to.

[darkfreaks]

Look into getting mod security it covers MYSQL Injection/XSS(cross site scripting) with both post and get methods. you can also use mod security to check each referer and weed out CSRF (cross site forgery) attacks.