Web Security Isn't Scary!
Security is the lifeblood of any web application and every online business. No matter how hard you work designing a great site, creating high-end content, building a lively traffic stream, and improving every aspect of your online business, it can easily be stolen away if you aren't protected. Protecting your web presence seems like a daunting task, but there are simple steps any webmaster can take to increase the security of their applications.

One of the most common and easiest to exploit security breaches is the XSS attack. Rather than targeting the server itself, these attacks target your website's visitors. The attackers use vulnerabilities in applications to add malicious code (usually JavaScript) that changes the visitor's experience on your site. Some common examples of malicious code include redirecting traffic to another site, changing browser settings and/or downloading ad/spyware, stealing cookie data, and just about anything else that can be accomplished with JavaScript. Sometimes an attacker won't even have to manipulate your code to exploit your scripts.

It is vital that application developers scrub all their data and ensure that every piece of data that will be output is validated, checked, and sanitized. And while that might seem like a chore, again, it's fairly simple to ensure your data is safe. Here's a quick list of things to check in every application.

1. Validate all input parameters. When you ask for data on a form, you are expecting a certain type of data. If you aren't validating that data, you are not only leaving a huge security risk but also collecting "dirty data". There are hundreds of tutorials on validating forms; if you don't know how, go out and figure it out. Note: don't rely only on JavaScript validation, especially for applications that allow lots of interactivity. JavaScript validation is easily bypassed. Look into isValid() for an easy way to validate data.

2. Another very important element is not allowing HTML to be added in your forms. Allowing HTML opens up numerous security holes. The htmlEditFormat() function should be used on all input parameters to prevent HTML attacks.

3. Be sure to use error handling. Have every error the script produces logged and sent to the administrator, especially for the interactive elements of the site. If someone is attempting to break your script, this will let you know what they are doing and when they did it, and give you insight into how to keep your web applications secure.

4. Encrypt your data. Most platforms have built-in encryption tools. USE THEM! There's really no reason not to, especially for sensitive data like credit cards, social security numbers, and passwords.

While this isn't a comprehensive list, it does give you a great start and a new outlook on internet security. Remember, it's up to you to keep your applications safe. Spend the extra few minutes ensuring that your hard work isn't wiped away.
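Items 1 to 3 above, worked through as an added example (not the article's own code, and not ColdFusion): a Python stand-in for isValid() and htmlEditFormat() that validates each parameter, logs rejected submissions for the administrator, and encodes the comment before it is output, shown beside the unescaped rendering that lets a script tag run. The is_valid/html_edit_format names, the EMAIL_RE pattern and the sample submissions are constructed for this illustration.

```python
import html
import logging
import re

# Constructed sample submissions, including one carrying a script tag
# of the kind the article describes (not real traffic).
SAMPLE_FORMS = [
    {"email": "alice@example.com", "age": "34", "comment": "Great site!"},
    {"email": "not-an-email", "age": "34", "comment": "hi"},
    {"email": "mallory@example.com", "age": "x", "comment": "<script>alert(1)</script>"},
]

# Deliberately simple pattern; a real deployment would use a stricter check.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
log = logging.getLogger("form-security")

def is_valid(kind, value):
    """Rough stand-in for ColdFusion's isValid(): True if value matches kind."""
    if kind == "email":
        return bool(EMAIL_RE.match(value))
    if kind == "integer":
        return value.isdigit()
    raise ValueError(f"unknown validation kind: {kind}")

def html_edit_format(value):
    """Stand-in for htmlEditFormat(): encode <, >, &, and quotes so the
    browser displays the text instead of interpreting it as markup."""
    return html.escape(value, quote=True)

def render_vulnerable(comment):
    # The 'before' case: raw input dropped into the page, so <script> runs.
    return f"<p>{comment}</p>"

def render_safe(form):
    """Validate every parameter, log anything rejected (item 3 in the
    article) instead of echoing it back, and encode the comment before
    it reaches the page. Returns None when the submission is rejected."""
    problems = []
    if not is_valid("email", form["email"]):
        problems.append("email")
    if not is_valid("integer", form["age"]):
        problems.append("age")
    if problems:
        # The administrator sees which fields failed and when; the visitor
        # never gets the raw value reflected into the response.
        log.warning("rejected submission, bad fields: %s", ", ".join(problems))
        return None
    return f"<p>{html_edit_format(form['comment'])}</p>"
```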
The copyright for this content entitled "Web Security Isn't Scary!" has been specified by the contributor as:
All Rights Reserved
This content may not be copied, distributed or adapted by anyone under any circumstances.
May, 2012