tags:

views:

55

answers:

3
Q: 

website security

how to minimize threat on website?can u list the way to minimize that problem?

+1  A: 

This is an extremely broad topic, and can't really effectively be answered in one answer. But here's a few common vunerabilities you should be researching and learning about.

  • XSS (Cross-site scripting) attacks - A method by which the security of your users can be compromised by allowing arbitrary javascript to be executed on your page.
  • SQL Injection - By allowing arbitrary SQL scripts to be executed on your database, you can give attackers the ability to retrieve senstive information from your database or even destroy data.
  • Password Security best practices - There's a whole host of information about the proper way to deal with authentication and storage of user information in your database.
Ryan Brunner  2010-08-09 13:06:09
+1. This is a good start.
David Stratton  2010-08-09 13:39:31
+1  A: 

There are a handful of universal things to employ:

  1. Good password policies
  2. Avoid SQL injection vulnerabilities
  3. Secure the server itself, not just the website

This list can, and does, go on just about forever. It's a little vague, but then so is your question really.

It sounds like you're asking "How do I do secure web programming?" That's just too broad for this site. You're asking us to impart years of industry knowledge about a very diverse subject into a few paragraphs. It just can't be done.

You're much better off getting some books on the subject. You can start with the Web Security Testing Cookbook. But there are a lot more places to go from there.

Keep in mind that two big parts of "securing a website" are:

  1. Designing it with security in mind from the beginning. Retro-fitting security isn't very reliable. (As an old network admin I worked with once said, even if you put your cotton candy in a steel box, it's still soft and squishy.)
  2. Knowing how to exploit security holes, so as to better test your own implementations.
David  2010-08-09 13:11:03
+1  A: 

As others have mentioned, this is a broad topic.

Personally, I would start here: http://www.owasp.org/index.php/Top_10_2010

The OWASP Top 10 list is the basis for PCI compliance, and considered the gold standard by many as far as web applicaiton security. OWASP offers general guidance, as well as specific guidance for any number of platforms. I've learned more about security here than anywhere else.

David Stratton  2010-08-09 13:37:52

related questions

RSS feeds from Gallery2
User authentication on Resin webserver
Recommendation for straight-forward python frameworks
Why no favicon for my web site?
Preferred way to use favicons?
IE6: To support or not to support.
FF3 WinXP != FF3 Ubuntu - why?
Source control for web projects.
Drag and drop ftp file upload web widgets
Accessing post variables using Java Servlets
Anyone have experience creating a shared library in MATLAB?
The Difference Between a DataGrid and a GridView in ASP.NET?
Options for Google Maps over SSL
Is there an Unobtrusive Captcha for web forms?
How can I detect if a browser is blocking an popup?
How to curl or wget a web page?
What Hosting Service is best for Django applications?
What are some web-based knowledge-base solutions?
What is a good web-based Grid that accepts Excel clipboard data?
What's the best online payment processing solution?
What are effective options for embedding video in an ASP.NET web site?
How can I tell if a web client is blocking ads?
How do I make a checkbox toggle from clicking on the text label as well?
Can you recommend a good CSS online resource or book?
Class views in Django