Thread: Website Security

  1. #1

    Thread Starter
    Fanatic Member aNubies's Avatar
    Join Date
    Aug 2008
    Posts
    558

    Website Security

    Guys, do you have any tips and guides on how to secure a website against hackers? I know injection is not the only malicious code that hackers can do.

    Thanks in advance

  2. #2
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906

    Re: Website Security

    There are indeed many ways that hackers can penetrate a website. Some relate specifically to the way in which the web pages have been coded.
    Off the top of my head, here are some of the other vulnerabilities to watch out for:

    • The system, e.g. vulnerabilities in the webserver or PHP software, operating system vulnerabilities, buffer overruns, vulnerabilities within other software / services running on the web server.
    • The system configuration, e.g. misconfigured firewalls, poor access controls, weak passwords, inappropriate usage of protocols (e.g. HTTP for communication of secure data instead of HTTPS), insecurely configured web server (e.g. access given to private directories via the web) or web server programs (e.g. php.ini).
    • The network; the web server will no doubt reside on an internal network of some description. Devices on the internal network are given a higher level of trust than external devices, therefore threats can include other compromised systems, internal penetration from insiders (e.g. disgruntled data centre employees) and of course network outages.

      Externally, attackers can flood your site with requests, causing a denial of service. A well organised, distributed attack can bring your site and sometimes the machine on which it resides to a grinding halt. Very little can be done to mitigate against this kind of threat.
    • Physical: the infrastructure of the data centre, the access controls (such as swipe access, bio-authentication), theft, fire, etc.


    That list is not exhaustive and the time and effort you invest in security must be proportional to the level of damage should any of the threats manifest (i.e. you need to do a risk assessment). In general, a threat to the security of your website should be defined as anything that can disrupt the normal operation of the site (i.e. not just hackers).