krash11554, posted August 23, 2012:
Just wondering, what should I check before I launch a website? Like security. Are there people who can try to hack into a website and, if they do, they tell you and how they did it?

scootstah, posted August 23, 2012:
As for security, follow all the normal guidelines as a start. You can find some penetration/vulnerability testing tools to check for things like XSS, SQL injection, etc. Also, you could post your site on the Beta Testing forum and let people test it.

krash11554, posted August 23, 2012:
Thanks for the quick reply. Is there anything else about security besides SQL, XSS that I don't know of? Thanks

Jessica, posted August 23, 2012:
We don't know what you know, so it's kind of hard to answer that. There are XSRF attacks and form manipulation, which people don't often talk about. You also need to be sure you understand handling user input, hashing passwords, stuff like that. Don't forget to back up your data before letting anyone test it/use it.

Christian F., posted August 23, 2012:
Security isn't something you add after you're done writing the code; it's part of the process of writing said code. That's the only way to ensure that the code is as secure as possible, without having to re-write and restructure large parts of it after the fact. Testing that security is also something that should be done along the way, so you know about potential problems before they happen.

That said, running a full PenTest suite on the site before launching it can indeed be beneficial, as that's a nice way to find out whether or not the finished product is indeed secure. There are people that can help you with such a test, but it is generally not cheap to hire that amount of knowledge. How much depends upon how thorough you want them to be, how many people are involved and the reputation of the team. Generally speaking, you don't want to be (too) cheap with the money here.

As for what I do before pushing a site to production, or uploading it, well... It's quite simple, just two steps actually:
- Turn off debugging mode.
- Change all configuration settings (e-mail addresses, sql-server details, etc) from development settings to production.

Everything else; ensuring that the code is secure, testing, researching stuff; I do as a part of the development.

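The two steps listed in the post above can be automated as a check that blocks a launch. This is an added example, not part of the thread or any poster's code; the INI layout, the section and key names, and all sample values are constructed assumptions.

```python
import configparser

# Constructed sample configs; section and key names are assumptions.
DEV_INI = """
[app]
debug = true
admin_email = dev@localhost
[database]
host = 127.0.0.1
user = root
password = devpass
"""
PROD_INI = """
[app]
debug = false
admin_email = dev@localhost
[database]
host = db.internal.example
user = site_rw
password = devpass
"""

# Settings that must not keep their development value in production.
MUST_DIFFER = [("app", "admin_email"), ("database", "host"),
               ("database", "user"), ("database", "password")]

def load(text):
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return parser

def prelaunch_findings(dev_text, prod_text):
    """Return a list of problems that should block the launch."""
    dev, prod = load(dev_text), load(prod_text)
    findings = []
    # Step 1: debugging must be off. A missing key counts as on (fail closed).
    if prod.getboolean("app", "debug", fallback=True):
        findings.append("app.debug is enabled or not set")
    # Step 2: each watched setting must exist and differ from development.
    for section, key in MUST_DIFFER:
        value = prod.get(section, key, fallback=None)
        if value is None:
            findings.append(f"{section}.{key} is missing")
        elif value == dev.get(section, key, fallback=None):
            findings.append(f"{section}.{key} still has its development value")
    return findings
```

With the sample data, the production config passes the debug check but is flagged for an admin e-mail address and a database password carried over unchanged from development.
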
scootstah, posted August 23, 2012:
> As for what I do before pushing a site to production, or uploading it, well... It's quite simple, just two steps actually:
> - Turn off debugging mode.
> - Change all configuration settings (e-mail addresses, sql-server details, etc) from development settings to production.
>
> Everything else; Ensuring that the code is secure, testing, researching stuff; I do as a part of the development.

It's a good idea to test on a staging server that mimics the production server as much as possible. Identical software versions, users/permissions, everything. That way if there is some small difference between the development server and the production server, you will catch it here rather than the live site.