views:

55

answers:

3

How to minimize threats on a website? Can you list the ways to minimize that problem?

+1  A: 

This is an extremely broad topic, and can't really effectively be answered in one answer. But here's a few common vulnerabilities you should be researching and learning about.

  • XSS (Cross-site scripting) attacks - A method by which the security of your users can be compromised by allowing arbitrary JavaScript to be executed on your page.
  • SQL Injection - By allowing arbitrary SQL scripts to be executed on your database, you can give attackers the ability to retrieve sensitive information from your database or even destroy data.
  • Password Security best practices - There's a whole host of information about the proper way to deal with authentication and storage of user information in your database.
Ryan Brunner
+1. This is a good start.
David Stratton
+1  A: 

There are a handful of universal things to employ:

  1. Good password policies
  2. Avoid SQL injection vulnerabilities
  3. Secure the server itself, not just the website

This list can, and does, go on just about forever. It's a little vague, but then so is your question really.

It sounds like you're asking "How do I do secure web programming?" That's just too broad for this site. You're asking us to impart years of industry knowledge about a very diverse subject into a few paragraphs. It just can't be done.

You're much better off getting some books on the subject. You can start with the Web Security Testing Cookbook. But there are a lot more places to go from there.

Keep in mind that two big parts of "securing a website" are:

  1. Designing it with security in mind from the beginning. Retro-fitting security isn't very reliable. (As an old network admin I worked with once said, even if you put your cotton candy in a steel box, it's still soft and squishy.)
  2. Knowing how to exploit security holes, so as to better test your own implementations.
David
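The SQL injection and password-storage points raised in the two answers above, side by side in one added Python example (not code from either answer): a lookup built by string formatting next to a parameterised one, and salted PBKDF2 verification. The in-memory table, user names and passwords are constructed for the demo.

```python
import hashlib
import hmac
import os
import sqlite3


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: PBKDF2-HMAC-SHA256 with a high iteration count.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_db() -> sqlite3.Connection:
    # Constructed sample data (not from the page): two users, salted hashes only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash BLOB, salt BLOB)")
    for name, pw in (("alice", "correct horse"), ("bob", "battery staple")):
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                     (name, hash_password(pw, salt), salt))
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list[str]:
    # Input is spliced into the SQL text, so it can change the query's meaning.
    rows = conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()
    return [r[0] for r in rows]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list[str]:
    # Parameterised query: the driver sends the value separately; it is never
    # parsed as SQL, so quotes and keywords in it are just characters.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
    return [r[0] for r in rows]


def verify_password(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Recompute the hash with the stored salt; compare in constant time.
    row = conn.execute("SELECT pw_hash, salt FROM users WHERE name = ?",
                       (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], hash_password(password, row[1]))
```

Run the two lookups with an input containing a single quote to see that only the string-formatted version lets the input alter the query.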
+1  A: 

As others have mentioned, this is a broad topic.

Personally, I would start here: http://www.owasp.org/index.php/Top_10_2010

The OWASP Top 10 list is the basis for PCI compliance, and considered the gold standard by many as far as web application security goes. OWASP offers general guidance, as well as specific guidance for any number of platforms. I've learned more about security here than anywhere else.

David Stratton