[ Security for Web Developers ] :: 10: Defense Strategies

Strategic Defense Initiative

Security Strategy A: Put someone on it full-time. Do patching immediately. Monitor constantly and alert frequently. Review existing apps for correct security. Run a tight firewall. Run an IDS. See https://www.veracode.com/blog/2015/10/3-easy-steps-making-perfect-security-possible. Audit, audit, audit.

Security Strategy B: Use a web scanning service or plugin. Does your hosting provider offer a website monitoring service? (For instance, …

[ Security for Web Developers ] :: 08: What Can Hurt You

Script Kiddies

What You Know Can Hurt You. What You Don’t Know Can Hurt You.

Most so-called hackers are really just script kiddies: http://www.hackpconline.com/2010/05/painfully-computer-pranks.html. Most of the fruit is low-hanging: https://www.toptal.com/security/10-most-common-web-security-vulnerabilities. Real exploit developers who find real vulns go much deeper: http://blog.dewhurstsecurity.com/2013/04/17/http-form-password-brute-forcing-the-need-for-speed.html. Public and private groups share information (unfortunately, not to an equal degree) about newly discovered …

[ Security for Web Developers ] :: 07: Tamper Data

Security Testing With Tamper Data

Tamper Data

Here’s a more sophisticated tutorial:

Assignment: Test your site security

Install Tamper Data in Firefox on a suitable computer. Now visit your site and find what you can tamper with. Particularly tinker with pages with forms, especially if you use hidden fields. You can also try it out on Hack This Site (https://www.hackthissite.org/pages/index/index.php), …

[ Security for Web Developers ] :: 05: Security on the Server Side

Server Security

Your server, your database and your site’s security

Do you host your own site, or is it hosted? How many sites are hosted on the same server as yours? What programming languages and platforms does it support? How many open ports and opportunities for interaction does it offer? A lot depends on properly sanitizing input …