What do before you lanuch website?

[krash11554]

Jw what should i check before i launch a website? Like security. Is there people who can try to hack into website and if they do they tell you and how they did?

[scootstah]

As for security, follow all the normal guidelines as a start. You can find some penetration/vulnerability testing tools to check for things like XSS, SQL injection, etc.

 

Also you could post your site on the Beta Testing forum and let people test it.

[krash11554]

Thanks for the quick reply is there anything else about security besides sql xss  That  i dont know of? Thanks

[Jessica]

We don't know what you know, so it's kind of hard to answer that.

There's XSRF attacks and Form manipulation which people don't often talk about.

 

You also need to be sure you understand handling user input, hashing passwords, stuff like that.

 

Don't forget to back up your data before letting anyone test it/use it.

[Christian F.]

Security isn't something you add after you're done writing the code, it's part of the process of writing said code. That's the only way to ensure that the code is as secure as possible, without having to re-write and restructure large parts of it after the fact.

Testing that security is also something that should be done along the way, so you know about potential problems before they happen.

 

That said, running a full PenTest suite on the site before launching it can indeed be beneficial, as that's a nice way to find out whether or not the finished product is indeed secure. There are people that can help you with such a test, but it is generally not cheap to hire that amount of knowledge. How much depends upon how thorough you want them to be, how many people involved and the reputation of the team. Generally speaking, you don't want to be (too) cheap with the money here.

 

As for what I do before pushing a site to production, or uploading it, well... It's quite simple, just two steps actually:

1. [*]Turn off debugging mode.

[*]Change all configuration settings (e-mail addresses, sql-server details, etc) from development settings to production.

Everything else; Ensuring that the code is secure, testing, researching stuff; I do as a part of the development.

[scootstah]

As for what I do before pushing a site to production, or uploading it, well... It's quite simple, just two steps actually:

1. [*]Turn off debugging mode.

[*]Change all configuration settings (e-mail addresses, sql-server details, etc) from development settings to production.

Everything else; Ensuring that the code is secure, testing, researching stuff; I do as a part of the development.

 

It's a good idea to test on a staging server that mimics the production server as much as possible. Identical software versions, users/permissions, everything. That way if there is some small difference between the development server and the production server, you will catch it here rather than the live site.