[ Security for Web Developers ] :: 10: Defense Strategies

Strategic Defense Initiative

This is post 10 of 16 in the series “Security for Web Developers”. Security Strategy A: Put someone on it full-time. Do patching immediately. Monitor constantly and alert frequently. Review existing apps for correct security. Run a tight firewall. Run an IDS. See https://www.veracode.com/blog/2015/10/3-easy-steps-making-perfect-security-possible. Audit, audit, audit. Security Strategy B: Use a web scanning service …

[ Security for Web Developers ] :: 08: What Can Hurt You

Script Kiddies

This is post 8 of 16 in the series “Security for Web Developers”. What You Know Can Hurt You. What You Don’t Know Can Hurt You. Most so-called hackers are really just script kiddies: http://www.hackpconline.com/2010/05/painfully-computer-pranks.html. Most of the fruit is low-hanging: https://www.toptal.com/security/10-most-common-web-security-vulnerabilities. Real exploit developers who find real vulns go much deeper: http://blog.dewhurstsecurity.com/2013/04/17/http-form-password-brute-forcing-the-need-for-speed.html. Public and …

[ Security for Web Developers ] :: 07: Tamper Data

Security Testing With Tamper Data

This is post 7 of 16 in the series “Security for Web Developers”. Tamper Data. Here’s a more sophisticated tutorial: Assignment: Test your site security. Install Tamper Data in Firefox on a suitable computer. Now visit your site and find what you can tamper with. Particularly tinker with pages with forms, especially if you use …

[ Security for Web Developers ] :: 05: Security on the Server Side

Server Security

This is post 5 of 16 in the series “Security for Web Developers”. Your server, your database and your site’s security: Do you host your own site, or is it hosted? How many sites are hosted on the same server as yours? What programming languages and platforms does it support? How many open ports and …

[ Security for Web Developers ] :: 04: Risk Factors

Internet Security Threats

This is post 4 of 16 in the series “Security for Web Developers”. Your site will be tested if: it holds anything of value, it attracts lots of attention (sorry), or it’s controversial in any way. The software you’ve written (your own code) critically depends on your knowledge of things like “sanitizing” the data input …