[ Security for Web Developers ] :: 16: Best Practices

Blue Security Goddess

You should: Change the default user name directly in the database. Put files that contain login credentials outside your webroot. Don’t allow writable directories. (With details….) Don’t allow users to upload anything. Sorry. Avoid toxic data. Patch like mad. Use a security notification plugin like Sucuri (and actually pay attention). Change your username if the …

[ Security for Web Developers ] :: 15: Testing Guides and Aids


By the Book There are lots of methodologies, more or less formal, for testing your web app’s security. OWASP is, of course, a biggie. https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf And don’t forget tools for particular platforms, for instance WordPress. http://wpscan.org/ (this is great) Next: https://schoolforhackers.com/security-web-developers-best-practices/

[ Security for Web Developers ] :: 13: Testing With Hydra

THC Hydra

Hydra First, be clear that there is more than one way to password-protect a website or a directory (folder) inside a website. One is to use a database management system to control what everybody sees. Another is to use simple htaccess files to require a password. Regardless, Hydra is an app to brute-force website logins, …