Hi friends, can you suggest any tips for keeping the site secure? As many security issues occur, I just wanna be on the safe side.
There is a good article "10 security tips to protect your website from hackers" here: creativebloq.com/web-design/website-security-tips-protect-your-site-7122853
I hope it will be useful for you.
Thank you Suraj! It was very helpful...
The first question you should ask yourself when you are securing a website is:
There are 2 ways; both have advantages and disadvantages.
Description: Fast deployment (ready fast), easy editing of content, backend with a user interface that is easy to manage, plugins, but security vulnerabilities.
Framework or do it by yourself idea
Description: Medium deployment (longer to create), need to create the UI (user interface), possibility to add extra security, like
- csrf token (an input field that is hidden and contains a secret set of characters that need to match with the backend set)
- I always like to stripslashes, trim, html entities, much safer
- https, the most secure way, encryption on the fly (big cost)
- captcha is a good way of dealing with spam
- oh, one more thing: generate a new session id every time a user logs in; this will make attacks a lot harder
- one thing you cannot protect against is the user getting a keylogger or trojan horse; then all your efforts are in vain, or almost. The only thing you can do is to create an onscreen keyboard for login, but if the attacker's program is smart enough it will also print the screen of a user.
Hope this helps
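The CSRF token and the new session ID at login mentioned in the post above, as an added example that is not code from any poster in this thread. It assumes PHP 7 or later with the built-in session handler; the function names and the `csrf_token` / `user_id` session keys are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example; names and session keys are hypothetical.

session_start();

// Create one random token per session and keep the server-side copy.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to embed in every state-changing form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Compare the submitted value with the session copy in constant time.
// A missing, non-string or mismatching value is rejected.
function csrf_check(array $post): bool
{
    $sent  = $post['csrf_token'] ?? '';
    $known = $_SESSION['csrf_token'] ?? '';
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

// Call only after the credentials have been verified.
function on_login(int $userId): void
{
    session_regenerate_id(true);     // new session ID, old session data deleted
    unset($_SESSION['csrf_token']);  // force a fresh token for the logged-in session
    $_SESSION['user_id'] = $userId;
}

// Constructed demo: run with `php example.php` (no output before session calls).
$before  = session_id();
$token   = csrf_token();
$valid   = csrf_check(['csrf_token' => $token]);
$guessed = csrf_check(['csrf_token' => 'guess']);
$missing = csrf_check([]);
on_login(42);
var_dump($valid, $guessed, $missing, $before !== session_id());
```

In a real form handler, `csrf_check($_POST)` runs before any state-changing action, and a failed check ends the request.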
Before we can answer this, we need to know what platform / webserver and language technologies and RDBMS that you're using. Are you using frameworks on top of these?
BTW, I don't like to rubbish other peoples' suggestions, but there are a few decidedly dodgy ones on this thread.
If you say that there are some opinions you don't agree with, please give some examples so that we may understand what you are referring to.
Because I can't guess what you are thinking.
These caught my eye:
md5 even with salts can no longer be considered secure. SHA variants (or a variety of other "secure" hash algorithms) should be used.
"verifying" is probably the wrong term - I assume you meant "validating" - but I may be wrong and may stand corrected.
while captchas may deal with automated posts, they will do nothing about the determined manual poster, but I concede that their use is a sensible measure
I do apologise for my comment dany12, as in hindsight it seems rather harsh. I will endeavour to think more lucidly before I start typing in future.
I still think that the OP needs to expand on her requirements and provide a description of her system before we start second guessing how to proceed. Certain issues, as you've pointed out, are pretty universal and could be implemented across all platforms. However some of the examples seem geared towards PHP, which may or may not be relevant to the OP.
Thank you for the details about what was outdated.
For me verification means validating the data you receive before sending it via ajax.
You are right that the OP should provide more details about the project, but I assumed he/she wanted to know something generic about security and most likely would work with PHP, which is the most common way to create a website.
Using some basic database work, you can have your website have a secure connection by running it through an encryption. You can also make sure that all of the computers hosting your website have a firewall to keep out connections that aren't to the webpage. (Use both of these for full security)