Security
- It's a lot to digest but the OWASP development guide covers Web Site security from top to bottom.
- Know about SQL injection and how to prevent it.
- Never trust user input (cookies are user input too!).
- Use a slow hashing algorithm, such as bcrypt (time tested) or scrypt (even stronger, but newer) (1, 2), for storing passwords. (How To Safely Store A Password)
- Don't try to come up with your own fancy authentication system: it's such an easy thing to get wrong in subtle and untestable ways and you wouldn't even know it until after you're hacked.
- Know the rules for processing credit cards. (See this question as well)
- Use SSL/HTTPS for login and any pages where sensitive data is entered (like credit card info).
- How to resist session hijacking.
- Avoid cross site scripting (XSS).
- Avoid cross site request forgeries (XSRF).
- Keep your system(s) up to date with the latest patches.
- Make sure your database connection information is secured.
- Keep yourself informed about the latest attack techniques and vulnerabilities affecting your platform.
- Read The Google Browser Security Handbook.
- Read The Web Application Hacker's Handbook.
I just read through the entire article of yours and it was quite good. This is a great article thanks for sharing this informative information. I will visit your blog regularly for some latest post. Great post!
ReplyDeleteWebsite Security