Hi all, Please suggest ways and tips to prevent hacking in a site.I m using jquery at client side and jsp/servlets with apache server.I will be using credit card deduction through my site.Please suggest ways.
+1
A:
Implement TLS for your site.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.
Prevent XSS attacks
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which enable malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all documented security vulnerabilities as of 2007.[1] Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by site owner.
rahul
2009-10-30 07:13:55
i think it is not that simple. After using SSL, the server may still be exposed to other security threats. you should start from the basics, review all your codes and catch all possible errors. If applicable, use a more secure server, like WebSphere.
Shivan Raptor
2009-10-30 07:18:08
+1
A:
- SSL
- validate every input (don't assume users can't change your javascript POST/GET's),
- Include per user / session / request tokens so you only allow valid looking request where you know you generate the token for
jitter
2009-10-30 07:16:53