fekaduw Posted August 28, 2007

Hello everyone, I am really keen to know about some security breaches. I have a website and I want it to be as highly secured as possible. Hence, I want to read about code injection and other forms of security threats to my site. By the way, what are some of the security threats to a given website?

piznac Posted August 28, 2007

I found this article to be entertaining: http://www.unixwiz.net/techtips/sql-injection.html

ReDucTor Posted August 28, 2007

Two most important things:
1. Keep your server up to date
2. Always validate input

Do a Google search on the following topics:
1. SQL Injection
2. XSS (Cross-site Scripting)
3. CSRF (Cross-site Request Forging)
4. Captcha (Image validation text)
5. Directory Traversal (Always check, if you're using dir names, that .. or absolute paths are not possible)
6. NULL Byte attacks (If you use posix regex or any other things which are vulnerable)

Also a few recommendations, for extra security:
1. Store sessions somewhere else, not the default area, if you're using a shared server
2. Use HTTPS
3. Don't store passwords in plain text, store as an md5 hash with extra values concat'd to make it hard to brute force just in case someone gets in
4. Learn to use .htaccess and Deny from All, and Allow from All. This will allow you to block include files which shouldn't be visible
5. Always ensure you have a default value (an easy way to check is error_reporting(E_ALL))
6. Never rely on magic_quotes and register_globals
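
One way to implement the checks from items 5 and 6 of the reply above (no "..", no absolute paths, no NUL bytes), as an added example that is not part of the original thread. The function name resolve_inside, the temp directory and the sample names are assumptions constructed for the demo; it assumes PHP 7.1 or later.

```php
<?php
// Added example. resolve_inside(), the temp directory and the sample names are constructed.

// Returns the canonical path of $name inside $baseDir, or null if the name is rejected.
function resolve_inside(string $baseDir, string $name): ?string
{
    // NUL bytes: older PHP versions could truncate the path at the NUL.
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    // Absolute paths: Unix "/", Windows "\" or a drive letter.
    if ($name[0] === '/' || $name[0] === '\\' || preg_match('/^[A-Za-z]:/', $name)) {
        return null;
    }
    // Any ".." segment, with either separator.
    if (in_array('..', preg_split('#[/\\\\]+#', $name), true)) {
        return null;
    }
    // Canonicalise (follows symlinks) and confirm the result is still under the base.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null; // target missing, or a symlink led outside the base
    }
    return $full;
}

// Constructed demo: a temp directory holding one file, then a set of sample names.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir($base . DIRECTORY_SEPARATOR . 'docs', 0700, true);
file_put_contents($base . '/docs/readme.txt', 'ok');

$samples = ['docs/readme.txt', '../etc/passwd', '/etc/passwd',
            "docs/readme.txt\0.jpg", 'docs/../../x', 'C:\\boot.ini'];
foreach ($samples as $s) {
    $verdict = resolve_inside($base, $s) === null ? 'rejected' : 'allowed';
    printf("%-30s %s\n", addcslashes($s, "\0"), $verdict);
}
```

The final realpath() prefix comparison is the check that matters most: the string tests above it give early, readable rejections, but only canonicalisation catches a symlink that points outside the base directory.
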