WDD - LO1 - MANAGE SECURE SITES
1. Keep the Software Up to Date
Always keep the website's software up to date so that attackers cannot easily access information on the web server.
- Keeping the website up to date protects it from new threats.
2. Block SQL Injection
SQL injection is an attack that bypasses the security of a web application. Validating input and limiting queries can prevent SQL injection attacks.
- Code is added to the database using its proper language.
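The difference between a query built from raw input and one that validates and limits it, as an added example that is not part of the original notes. The table, the function names and the username rule are assumptions made for illustration, and the bound parameter (`?`) is a standard technique added here beyond the two measures the notes name.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed allow-list for names

def make_db():
    # Constructed sample table, used only by this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db

def find_user_vulnerable(db, name):
    # Vulnerable: the input becomes part of the SQL text and can rewrite the query.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_safe(db, name):
    # Input validation: reject anything outside the allow-list before querying.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    # Bound parameter: the value travels as data. LIMIT 1 caps the result size.
    sql = "SELECT name, email FROM users WHERE name = ? LIMIT 1"
    return db.execute(sql, (name,)).fetchall()

def find_user_bound_only(db, name):
    # Binding alone already stops the injection; validation is a second layer.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input for the demonstration
    print(len(find_user_vulnerable(db, hostile)))  # every row comes back
    print(find_user_bound_only(db, hostile))       # no row matches the literal text
    print(find_user_safe(db, "alice"))
```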
3. Prevent XSS
Cross-site scripting (XSS) manipulates a vulnerable website into delivering malicious code to the user; when that code is executed, the attacker can access and interact with the user's application.
- Client-side
- The attacker creates a script or code to bypass the security of the application.
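How a page ends up carrying someone else's script, and how output encoding prevents it, as an added example that is not part of the original notes. The comment markup and function names are assumptions; `html.escape` is from the Python standard library.

```python
import html

def render_comment_unsafe(author, text):
    # Vulnerable: user input is pasted into the page as-is, so any markup in it
    # becomes part of the page the next visitor's browser executes.
    return '<div class="comment" title="' + author + '">' + text + "</div>"

def render_comment_safe(author, text):
    # Output encoding: <, >, & and both quote characters become HTML entities,
    # so the browser displays the input as text instead of interpreting it.
    # quote=True matters for the title attribute: an unescaped " would end the
    # attribute early and let the rest of the input add attributes of its own.
    return '<div class="comment" title="{}">{}</div>'.format(
        html.escape(author, quote=True),
        html.escape(text, quote=True),
    )

if __name__ == "__main__":
    # Constructed inputs for the demonstration.
    author = 'Ann "the admin" Lee'
    text = "<script>alert(1)</script>"
    print(render_comment_unsafe(author, text))
    print(render_comment_safe(author, text))
```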
4. Providing Minimal Error Messages
Keep the website's error messages minimal so that information about the website is not given away, such as Error 404 and File Not Found.
- unique characters
- Examples: "username already exists", "invalid password"
5. Server Side Validation/Form Validation
Form validation helps make sure that users fill out forms in the correct format so that the submitted data can be carried successfully by the web browser.
- two types of validation
- client-side validation
- server-side validation
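Server-side validation combined with the minimal error message from section 4, as an added example that is not part of the original notes. The form fields, their rules and the message text are assumptions; the point is that the server re-checks every field even if the browser already did, and the reply stays short while the detail goes to the server log.

```python
import logging
import re

log = logging.getLogger("signup")

# Assumed field rules for a hypothetical sign-up form.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
AGE_RE = re.compile(r"[0-9]{1,3}")

GENERIC_ERROR = "Some fields are invalid. Please check the form and try again."

def validate_signup(form):
    """Return internal problem descriptions; an empty list means the form is valid."""
    problems = []
    if not USERNAME_RE.fullmatch(form.get("username", "")):
        problems.append("username: bad format")
    if not EMAIL_RE.fullmatch(form.get("email", "")):
        problems.append("email: bad format")
    age = form.get("age", "")
    if not (AGE_RE.fullmatch(age) and 13 <= int(age) <= 120):
        problems.append("age: missing or out of range")
    return problems

def handle_signup(form):
    """Return (HTTP status, message for the user)."""
    problems = validate_signup(form)
    if problems:
        # Detail stays on the server; the reply does not describe internals.
        log.warning("signup rejected: %s", "; ".join(problems))
        return 400, GENERIC_ERROR
    return 200, "Account created."

if __name__ == "__main__":
    # Constructed submissions: one valid, one that skipped the browser checks.
    print(handle_signup({"username": "alice_1", "email": "alice@example.com", "age": "30"}))
    print(handle_signup({"username": "a", "email": "nope", "age": "-5"}))
```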
6. Passwords
Setting a strong password, such as one that combines characters, numbers and symbols, makes it difficult for an attacker to access the user's account on the website.
- This prevents attackers from guessing the password easily. If they know the password, they can change the website or steal its information.
7. Denying File Uploads
This means that uploading files to the website is denied, which prevents users from transferring unknown files onto the website.
- For example, a user could upload a virus onto the website.
8. HTTPS
HTTPS is encrypted to increase the user's security when transferring data, such as when logging in to an email account.
9. Website Security Tools
A website security tool is an application used to identify and remove malware from the website.
- Example: scanning for viruses daily