Recently I attended a two-day workshop on Information Security at my college. The workshop exposed us to various topics in the security domain. Of these, my personal favourite was web-based security and, truthfully speaking, a person needn't be a hacker to break a website's security, since a simple search yields enough information to launch an attack.
It would be foolish to say that a website is fully secured and can't be attacked, because a vulnerability may be present in any component of the website, or the server may be running outdated components, and either can be sufficient to launch an attack. So it becomes very hard for a normal user to determine whether their content is secure or not.
In my last semester we were taught software engineering, which was quite an interesting subject since it gave great exposure to the various topics of the field. The most appealing to me was software quality: if we follow some rules, regulations, standards, etc., then we can drive off many issues on both the functional and the non-functional end.
Following is a small checklist which may help budding programmers succeed:
- Research the functionality we are about to code. For example, if we're planning to code a user registration module, then first of all we need to check the current implementation techniques and other related aspects.
- Stick to W3C standards and the coding standards of the server-side language in use, like PHP, ASP, etc.
- When working in PHP, always consult the PHP Manual (php.net/manual/en/index.php), since it gives good information about every function, and the user comments help in understanding its usage. It also helps in finding deprecated functions (the old mysql_* functions, for instance), which is quite helpful on the security side, since functions are often deprecated precisely because safer replacements exist.
- We must check each and every component of the working code before delivering it, and the output for every type of input, valid and invalid (such as special characters like quotes, angle brackets and semicolons), must be checked. This is very important for the verification process.
- Never insert user input directly into a database query. Validate it, and pass it to the query through prepared statements (parameterised queries) rather than by string concatenation; "filtering" alone is easy to get wrong, because the characters that matter depend on where in the query the input lands.
- Use scanners like Acunetix Web Security Scanner, or even try out free scanners, to locate vulnerabilities across the whole code base. These days everything is script-based, which reduces human effort and produces good results, though scanner output still has to be reviewed by hand for false positives and for logic flaws a scanner cannot see.
- Select your hosting company wisely, and don't base the decision on monetary savings alone, because sometimes our code is perfectly secure but we still pay the price for a vulnerability at the server end.
- Keep all your code updated and check it at proper intervals. We must delete any unnecessary files left in the web root, like database backups, readme files, etc., since anyone who guesses their names can download them.
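To make the "check invalid input" and "never insert user input directly" points concrete, here is an added example of my own (it is not code from the workshop or from the PHP Manual). It is written in Python with the built-in sqlite3 module rather than PHP so that it runs anywhere without a web server or database setup; the users table, the names and the password hashes in it are constructed for the demo. It shows a query built by concatenation, a query that "filters" quotes out of the input, and the prepared-statement version, each fed an ordinary value and a hostile one.

```python
"""Added example (not from the original post): why "filtering" user input is not
enough, and what prepared statements do about it.  Uses sqlite3 so it runs offline."""
import sqlite3


def make_db():
    """Constructed sample table; usernames and hashes are made up for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, "
        "username TEXT NOT NULL, password_hash TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "$2y$10$fakehashA"), ("bob", "$2y$10$fakehashB")],
    )
    conn.commit()
    return conn


def naive_filter(s):
    """The kind of 'filter' a beginner writes: strip the quotes and hope."""
    return s.replace("'", "").replace('"', "")


def user_by_name_concat(conn, username):
    """VULNERABLE: the input is pasted straight into the SQL string."""
    sql = "SELECT username FROM users WHERE username = '" + username + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def user_by_id_filtered(conn, id_text):
    """STILL VULNERABLE: quotes are stripped, but a numeric context needs none."""
    sql = "SELECT username FROM users WHERE id = " + naive_filter(id_text) + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def user_by_name_prepared(conn, username):
    """SAFE: the value travels as a bound parameter and is never parsed as SQL."""
    return [
        row[0]
        for row in conn.execute(
            "SELECT username FROM users WHERE username = ? ORDER BY id", (username,)
        )
    ]


def user_by_id_validated(conn, id_text):
    """SAFE: validate the type first, then bind it.  Returns None for non-numeric input."""
    try:
        user_id = int(id_text)
    except ValueError:
        return None
    return [
        row[0]
        for row in conn.execute(
            "SELECT username FROM users WHERE id = ? ORDER BY id", (user_id,)
        )
    ]


def run_demo():
    """Run every variant against an ordinary input and a hostile one."""
    conn = make_db()
    return {
        "concat_normal": user_by_name_concat(conn, "alice"),
        "concat_attack": user_by_name_concat(conn, "x' OR '1'='1"),   # leaks every user
        "filtered_normal": user_by_id_filtered(conn, "1"),
        "filtered_attack": user_by_id_filtered(conn, "1 OR 1=1"),     # filter did nothing
        "prepared_attack": user_by_name_prepared(conn, "x' OR '1'='1"),  # no match
        "validated_normal": user_by_id_validated(conn, "1"),
        "validated_attack": user_by_id_validated(conn, "1 OR 1=1"),   # rejected
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:>17}: {result}")
```

The concatenated query returns every user for the input `x' OR '1'='1`, and the quote-stripping "filter" does nothing for `1 OR 1=1` because an integer comparison needs no quotes at all. The two safe versions do the same job by validating the type where one is expected and binding the value as a parameter, which is what the checklist item means by not inserting input directly. In PHP the same pattern is PDO's prepare() followed by execute() with the values passed as an array, and the same rule applies there: the SQL text never contains the user's bytes.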