Recently I attended a two-day workshop on Information Security at my college. The workshop exposed me to various topics in the security domain. Of these, my personal favorite was web-based security and, truly speaking, a person needn’t become a hacker to break down a website’s security, since a simple search yields sufficient information to launch an attack.

It would be foolish to say that a website is fully secured and can’t be attacked, because a vulnerability may be present in any component of the website, or the server may be using some outdated components, which can be sufficient to launch an attack. So it becomes very tough for a normal user to determine whether their content is secure or not.

In my last semester, we were taught software engineering, which was quite an interesting subject since it gave great exposure to various topics of software engineering. The most appealing was software quality: if we follow some rules, regulations, standards, etc., then we can drive off many issues on both the functional and non-functional ends.

Following is a small checklist which may help budding programmers achieve huge success:

Checklist of the quality domain:

  1. Search on the functionality we are about to start coding. Suppose we’re planning to code a user registration module; then first of all we need to check the latest implementation techniques and other related aspects.
  2. Stick to W3C Standards and other programming standards for server-side languages, like PHP, ASP, etc.
  3. When working on PHP, we should always consult the PHP Manual, since it gives us good information about every function, and the user comments help in understanding the usage. Apart from that, it helps in finding deprecated functions, which is quite helpful in the security domain.
  4. We must check each and every component of the working code before delivering it. The output for every type of input, valid or invalid (like entering special characters), must be checked. This is very important for the verification process.

Checklist of the security domain:

Before I start, let me share a shocking fact: the majority of websites that are attacked are attacked only due to a simple SQL Injection attack. It occurs just because of unfiltered input, and it’s quite capable of causing huge damage.

  1. Never insert any user input directly into the database; rather, filter it.
  2. Use scanners like Acunetix Web Security Scanner, or even try out free scanners, to locate vulnerabilities in the whole code. These days everything is script-based, which reduces the human effort and produces positive results.
  3. Select your hosting company wisely and don’t just take a decision based on monetary savings, because sometimes our code is perfectly secured but, just because of a vulnerability located at the server end, we have to pay the price.
  4. Keep all your code updated and check it at proper intervals. We must delete any unnecessary pieces of code, like database backups, readme files, etc.
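
To make the first security item and the special-character check from the quality list concrete, here is an added example (not code from the workshop or from this post) that puts an unfiltered lookup beside a validated, parameterized one. The `users` table, the function names and the sample inputs are hypothetical, and it assumes PHP with the `pdo_sqlite` extension.

```php
<?php
// Added example. Table, column and function names are hypothetical.
// Uses an in-memory SQLite database; the same PDO calls work with
// other databases by changing the DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT)');
$pdo->exec("INSERT INTO users (username, email) VALUES ('alice', 'alice@example.test')");

// BEFORE: user input concatenated into the SQL text. A quote in $username
// changes the structure of the query instead of being treated as data.
function findUserUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: validate the expected format first, then bind the value as a
// parameter so the database never parses it as SQL.
function findUserSafe(PDO $pdo, string $username): array
{
    if (!preg_match('/^[\p{L}\p{N}\' ._-]{1,64}\z/u', $username)) {
        throw new InvalidArgumentException('username has an unexpected format');
    }
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a valid name, a name with a legitimate special
// character, and a string that tries to alter the query.
$inputs = ['alice', "O'Brien", "nobody' OR '1'='1"];
foreach ($inputs as $in) {
    foreach (['findUserUnsafe', 'findUserSafe'] as $fn) {
        try {
            $rows = count($fn($pdo, $in));
            echo "$fn($in): $rows row(s)\n";
        } catch (Exception $e) {
            echo "$fn($in): rejected (" . get_class($e) . ")\n";
        }
    }
}
```

Running every input through both functions is the kind of valid/invalid input check the quality list asks for: the concatenated query breaks on an ordinary apostrophe and matches a row for a user that does not exist, while the bound query treats both strings as plain data or rejects them.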

Both of the checklists are endless, but the main motive is to create awareness regarding quality and security. First of all, on the quality domain, if we follow a standard and a proper development model then we end up with manageable code which can be easily maintained and performs well on the security domain as well.

Now on the security domain, I would just like to say that we needn’t become security professionals to secure our code/website; basic know-how is sufficient to protect ourselves. If we follow a basic discipline to establish a cause-and-effect relationship, then it’s more than sufficient.

Finally, I would like to say that in today’s world we can’t ignore the security as well as the quality of our code/website, since these two domains have really become the paradise for success, and if we don’t initiate the transition process then we can never imagine a secured cyber space. So if we want to become successful web developers, we must consider both domains! Best of luck to all of you... happy development 🙂