Hi,
I am working on my dissertation in my final year at university at the moment. One of the areas I need to research is security - for both websites and databases. I currently have sections on the following:
- Website
  - Form security - such as data validation. This section is more about preventing errors made by legitimate users as much as possible rather than stopping hackers, for example comparing a field to a regular expression and giving them meaningful feedback on any errors which did occur so as to stop it happening again.
  - Constraints. For example, if a value must be true or false then use a checkbox. If it is likely to be one of several values then use a dropdown or a set of radio boxes, and so on. If the value is unpredictable then use regular expressions to limit what characters they are allowed to enter, to restrict the length of the string, and sometimes to limit the format (such as for dates / times, post codes and so on).
  - Sometimes you can limit permissions to the form. This is on the occasion that you know exactly who (whether it be people's names or a group of people - such as administrators or employees) is going to need access to the form. Restricting permissions will stop members of the public from being able to access the form.
  - Symbols or strings which could be used maliciously or cause the website to act incorrectly (such as the script tag) should be filtered out or HTML encoded.
  - Captcha images can be used to prevent automated systems from filling in and submitting the form.
  - There are some hacks for file uploads - such as using double extensions - which can allow hackers to upload malicious files.
- Databases (this is nowhere near done yet, but the sections I have planned are listed below)
  - SQL statements vs stored procedures
  - Throwing an error when one of the variables contains particular characters or groups of characters (I can't remember what characters they are, but I have seen a message thrown back at me before where I have tried to enter HTML or something into a text area).
  - SQL Injection - and ways around it, with some examples.
Does anyone have any hints and tips on where I could go for some decent, reliable information either about these areas or about other areas of security that I could cover?
Thanks in advance.
Regards,
Richard
PS I am a complete newbie when it comes to security, so please be patient with me. If any of the information I have put down is wrong or could be sub-sectioned then please feel free to say so.
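Three of the points listed above (regex-based validation with meaningful feedback, HTML encoding of user-supplied text, and SQL injection with the parameterised-query fix) can be demonstrated in one short script. This is an added example, not code from the post; the database, table, rows and the username rule are constructed for the demo.

```python
import html
import re
import sqlite3

# Constructed sample data for the demo; not taken from the original post.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn

def find_user_concat(conn, name):
    # Vulnerable: the input is pasted into the SQL text, so quote characters
    # inside it change the meaning of the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def find_user_param(conn, name):
    # Hardened: the input is bound as a parameter and is only ever a value.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

# Hypothetical validation rule for a signup form, in the spirit of the
# "constraints" section: whitelist pattern, length limit, and a message
# that tells a legitimate user what went wrong.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,16}$")

def validate_username(value):
    if len(value) > 16:
        return False, "Username must be at most 16 characters."
    if not USERNAME_RE.fullmatch(value):
        return False, "Username may contain only letters, digits and underscores."
    return True, ""

def render_comment(text):
    # Output encoding: characters meaningful to HTML are escaped so a stored
    # comment is displayed as text rather than interpreted as markup.
    return "<p>" + html.escape(text) + "</p>"

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"
    print(find_user_concat(db, crafted))  # every user: the WHERE clause was rewritten
    print(find_user_param(db, crafted))   # []: no user is literally named that
    print(validate_username("bad name!"))
    print(render_comment("<script>alert(1)</script>"))
```

Running it shows the concatenated query returning every row for the crafted input while the parameterised query returns nothing, which is the whole "ways around it" section in one comparison.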