Where can I find this?


fekaduw

Hello everyone,

I am really keen to know about some security breaches. I have a website and I want it to be as highly secured as possible. Hence, I want to read about code injection and other forms of security threats to my site. By the way, what are some of the security threats to a given website?

Two most important things:

1. Keep your server up to date

2. Always validate input

Do a Google search on the following topics:

1. SQL Injection

2. XSS (Cross-site Scripting)

3. CSRF (Cross-site Request Forgery)

4. CAPTCHA (image validation text)

5. Directory Traversal (always check, if you're using dir names, that .. or absolute paths are not possible)

6. NULL byte attacks (if you use POSIX regex or any other things which are vulnerable)

Also a few recommendations, for extra security:

1. Store sessions somewhere else, not the default area, if you're using a shared server

2. Use HTTPS

3. Don't store passwords in plain text; store them as an md5 hash with extra values concat'd to make it hard to brute force, just in case someone gets in

4. Learn to use .htaccess and Deny from All, and Allow from All. This will allow you to block include files which shouldn't be visible

5. Always ensure you have a default value (an easy way to check is error_reporting(E_ALL))

6. Never rely on magic_quotes and register_globals

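The path checks named in topics 5 and 6 of the reply above (no `..`, no absolute paths, no NULL bytes), as an added PHP example that is not part of the original post. `safe_path()` is a hypothetical helper, and the demo directory and inputs are constructed for illustration.

```php
<?php
// Added example: safe_path() is a hypothetical helper, not from the thread.
// Returns the canonical path of $userPath inside $baseDir, or null if rejected.
function safe_path(string $baseDir, string $userPath): ?string
{
    // NULL byte: C-level file APIs stop at "\0", so "a.php\0.jpg" can pass a suffix check.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    // Absolute paths: leading "/" or "\", or a Windows drive prefix such as "C:".
    if (preg_match('#^(?:[/\\\\]|[A-Za-z]:)#', $userPath)) {
        return null;
    }
    // Any ".." segment, with either slash style as the separator.
    if (in_array('..', preg_split('#[/\\\\]+#', $userPath), true)) {
        return null;
    }
    // Canonicalise (resolves symlinks) and confirm the result is still under the base.
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $userPath);
    if ($base === false || $full === false) {
        return null; // base or target does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed demo: a temporary base directory holding one file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'safe_path_demo_' . getmypid();
@mkdir($base . '/pages', 0700, true);
file_put_contents($base . '/pages/home.txt', 'hello');

$inputs = [
    'pages/home.txt',        // allowed
    '../etc/passwd',         // ".." segment
    'pages/../../secret',    // ".." hidden mid-path
    '/etc/passwd',           // absolute path
    "pages/home.txt\0.jpg",  // NULL byte
    'pages/missing.txt',     // does not exist
];
foreach ($inputs as $in) {
    $result = safe_path($base, $in) === null ? 'rejected' : 'allowed';
    printf("%-24s => %s\n", addcslashes($in, "\0"), $result);
}

unlink($base . '/pages/home.txt');
rmdir($base . '/pages');
rmdir($base);
```

Only the first input is allowed; the other five are rejected.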
