Passwords
You’ve heard it a thousand times, but it bears repeating because so many people still don’t follow the rules. Simple passwords aren’t secure, and reusing the same password everywhere is a great way to get into serious trouble: one breached site then exposes every account that shares that password. Your password should combine letters, numbers and special symbols, depending on what the site allows. Avoid using whole dictionary words; opt instead for partial words or random characters, and make it long. Use a different password for critical applications (your hosting account, your site’s admin login) than you use for things like Facebook.
Limit or Ban File Uploads
Allowing file uploads, even images, can give an attacker a way to get a malicious script onto the server hosting your site. If you must allow uploads, then you need to make sure the server can never execute what users upload. Good options for curtailing execution include renaming the file on upload (discarding the client-supplied name and extension entirely), storing uploads outside the web root so they are never served as code, clearing the execute permission on the stored file, and scanning the file for viruses or other malicious software. Check the file’s actual contents rather than trusting its extension or the Content-Type header, both of which the client controls.
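The following is an added example, not code from the original article, showing the upload hardening described above in Python (the article mentions PHP, but the technique is the same in any server-side language). The allow-list of image signatures, the directory argument and the function names are this example’s own assumptions; in a real deployment `upload_dir` would sit outside the web root.

```python
import os
import secrets
import stat
import tempfile

# Constructed allow-list for this example: leading bytes (magic numbers) of
# the image formats this hypothetical site accepts. The extension and the
# Content-Type header are attacker-controlled, so the check looks at the
# file contents instead.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def sniff_image_type(data: bytes):
    """Return the detected image type from the leading bytes, or None."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def store_upload(data: bytes, upload_dir: str) -> str:
    """Validate an upload and store it so the server can never execute it.

    - rejects anything whose contents are not an allowed image type
    - ignores the client's filename completely and generates a random one
    - refuses to overwrite an existing file (O_EXCL)
    - stores the file with mode rw------- (no execute bit for anyone)
    Returns the path of the stored file.
    """
    ext = sniff_image_type(data)
    if ext is None:
        raise ValueError("upload rejected: contents are not an allowed image type")
    name = f"{secrets.token_hex(16)}.{ext}"
    path = os.path.join(upload_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    # Belt and braces: explicitly clear every execute bit on the stored file.
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return path


def is_executable(path: str) -> bool:
    """True if any execute bit is set on the file (used to verify storage)."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


if __name__ == "__main__":
    # Constructed inputs: a minimal PNG header and a PHP web shell.
    with tempfile.TemporaryDirectory() as d:
        print("stored:", store_upload(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16, d))
        try:
            store_upload(b"<?php system($_GET['c']); ?>", d)
        except ValueError as e:
            print(e)
```

Note that the web shell is rejected on its contents, not on its `.php` extension, which the client never gets to choose anyway: the stored name is random and the extension is derived from what the file actually is.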
SSL
Any time you send or receive personal information or other sensitive material, you should use a
Customize Error Messages
Error messages can leak information about why your site failed that is useful to attackers: stack traces, file paths, database names and query text. Users should get generic responses to errors, with the specific details written to a server-side log that only you can read. Messages like “incorrect username or password” are better than specifying one or the other, which would tell the attacker that at least half of their guess was correct and let them enumerate valid usernames.
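As an added example (not from the original article), here is a login check that returns the same generic message whether the username is unknown or the password is wrong, and logs the real reason server-side. It also runs the password hash even when the user does not exist, so the two failure paths take the same time; otherwise an attacker could still tell them apart by response time. The user store, salts and function names are constructed for this example.

```python
import hashlib
import hmac
import logging
import os

log = logging.getLogger("auth")

GENERIC_ERROR = "Incorrect username or password."


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store for the example: username -> (salt, hash).
_SALT_ALICE = b"\x01" * 16
USERS = {"alice": (_SALT_ALICE, hash_password("correct horse", _SALT_ALICE))}

# Dummy salt and hash of a throwaway password, used only so that a lookup
# of a nonexistent user costs the same as verifying a real one.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("placeholder", _DUMMY_SALT)


def login(username: str, password: str):
    """Return (ok, message). The message never says which part was wrong;
    the specific reason goes to the server log only."""
    record = USERS.get(username)
    if record is None:
        # Equalise timing with the real-user path, then fail generically.
        hmac.compare_digest(hash_password(password, _DUMMY_SALT), _DUMMY_HASH)
        log.info("login failed: unknown user %r", username)
        return False, GENERIC_ERROR
    salt, stored = record
    if not hmac.compare_digest(hash_password(password, salt), stored):
        log.info("login failed: wrong password for %r", username)
        return False, GENERIC_ERROR
    log.info("login ok for %r", username)
    return True, "Welcome"


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(login("alice", "correct horse"))
    print(login("alice", "wrong"))
    print(login("nobody", "wrong"))
```

The last two calls are indistinguishable to the client: same message, same status, and the same amount of hashing work on the server. Only the log entry differs.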
Validate
Everything should be validated both before it is transmitted to the server and again after it arrives. Client-side validation improves the user experience, but only the server-side check is a security control, because an attacker can bypass the browser and send whatever they like. This applies to SQL queries as well: never build a query by concatenating user input into the SQL string; use parameterized (prepared) statements so the input can never change the meaning of the query. PHP has built-in functions for validation and escaping, so use them. You will want to take special care to either strip HTML from submitted content or encode it on output to avoid cross-site scripting (XSS).
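An added example, not from the original article, showing both halves of this advice in Python (the article mentions PHP; the same pattern applies there with prepared statements and htmlspecialchars). The in-memory SQLite table and the sample inputs are constructed for the example; the vulnerable function is included only to show what the parameterized version prevents.

```python
import html
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 0), ("root", 1)])
    return conn


def find_user_vulnerable(conn, name: str):
    # BAD: the input is spliced into the SQL text, so a quote in the input
    # becomes part of the query grammar.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [r[0] for r in conn.execute(sql).fetchall()]


def find_user_safe(conn, name: str):
    # GOOD: the value travels separately from the SQL text and is only ever
    # treated as data, whatever characters it contains.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [r[0] for r in rows.fetchall()]


def valid_username(name: str) -> bool:
    """Server-side allow-list validation: reject anything that is not a
    short run of letters, digits or underscores."""
    return re.fullmatch(r"[A-Za-z0-9_]{3,32}", name) is not None


def render_comment(text: str) -> str:
    """Encode user-supplied text on output so it can only ever be text,
    never markup, when inserted into an HTML page."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"  # constructed injection input
    print("vulnerable:", find_user_vulnerable(conn, payload))
    print("safe:      ", find_user_safe(conn, payload))
    print("valid?     ", valid_username(payload))
    print(render_comment("<script>alert(1)</script>"))
```

With the injection payload the concatenated query returns every user, including `root`; the parameterized query returns nothing because it is looking for a user literally named `x' OR '1'='1`. The allow-list check rejects the payload before it reaches the database at all, and the comment renderer turns the script tag into inert text.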
Update
Keep your software up to date and you’ll avoid a lot of headaches. Keeping up to date is especially important when you are using popular software like WordPress, phpBB, Joomla, etc., including their plugins and themes. Attackers routinely fingerprint the version of software you are running to see whether a known, already-public exploit will work on your site. They don’t want to do any more work than they have to, after all.
Testing
When you think that your website is secure, it’s time to start testing. A number of point-and-click tools make it easy to test for vulnerabilities like SQL injection, cross-site scripting, and so forth. Common tools include Netsparker (now sold as Invicti), w3af, BackTrack (a Linux security distribution, since superseded by Kali Linux), Cain & Abel (a Windows password recovery and network sniffing tool rather than a web scanner), and Retina. Automated scanners only find what they know how to look for, so treat a clean scan as a starting point, not proof of security.
Safe Surfing
If you want to provide a safe, stable web experience for your users, then you have to pay close attention to security. The size and profile of your site will determine whether you can reasonably do most of the security work yourself or need to bring in help. The techniques and tips above will get you started, but there is a great deal more to learn, so don’t stop here.