Author Topic: Web Security  (Read 1552 times)
John Anderson
« on: December 15, 2008, 12:10:54 AM »

  Security seems like a topic that everyone is talking about. Most web development companies claim that their applications are secure and they write off anyone who claims otherwise. I am here to help you to determine if your web developer is doing a good job keeping you secured. Websites are very delicate objects and each and every line of code is another way for a hacker to get into your website.
  Having worked with a lot of development companies, I have decided that I want to be a web developer who works for himself. I don't want to be responsible for the code that is created by any other web development company. Why don't I want to be responsible for code created by any other company? Well, I would like to first talk about database connections. Database connections are the ticket straight to your database. What a lot of people don't know is how a database actually works and what exactly it is.
  One thing about databases. If your web developer thinks that running 16 different instances of MySQL means they have more than one installation of MySQL on the server, it's time for a new developer. What this means is that when a script is running it opens up 15 unnecessary database connections because the developer doesn't understand that their script has opened up 16 points of entry for a hacker. So if you have a problem of a MySQL server that is using up all the resources, the script is leaving several entry points.

   Email accounts are a top target for hackers. If you have email for your domain that is hosted with your web development company, you better make damn sure that you sign a confidentiality agreement with your developer. Hosted email accounts can be accessed by the company. Therefore all emails can be read. Here are a few tips to make sure that your development company is using secure email. Make sure that the email server requires password authentication over a secured connection. Also make sure that your email is not hosted on the same server as any other websites and make sure that no other companies have their email hosted on the same server.

   I am trying to keep this very basic so that people understand some of the questions that they need to ask their development company. Here are some more questions that you need to ask.

  It's also important to note that any website that asks you to submit data on a page that is not on a secured connection https:// can be sniffed and decoded.

  The next thing that you need to do to your application is take a string of every character on your keyboard and put it into every input on your website. If the string breaks your form, then you need to get that fixed, as it's as good as having a live database connection to your database.

   You also might want to see what happens when you put strings of code into your URL variables.

  page.php/pid/18/sid/18'"OR 1 = '1';"
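An added example, not part of the original post or any site's own code: it shows why the URL string in the post "breaks" a page that pastes the value into its SQL, and how validating the value and binding it as a parameter handles the same input. It uses Python with an in-memory SQLite database as a stand-in for a PHP/MySQL site; the table, columns and function names are assumptions, and the rows are constructed sample data.

```python
import re
import sqlite3

PAGE_STRING = "18'\"OR 1 = '1';\""  # the sid value from the URL in the post


def make_db():
    """Build a constructed sample table (names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (pid INTEGER, sid INTEGER, title TEXT)")
    db.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [(18, 18, "Pricing"), (19, 18, "Contact"), (20, 7, "Admin notes")],
    )
    return db


def lookup_concatenated(db, sid):
    """Weak form: the URL value becomes part of the SQL text itself."""
    sql = "SELECT title FROM pages WHERE sid = " + sid + " ORDER BY pid"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, sid):
    """Hardened form: check the expected type, then bind the value as data."""
    # sid must be a short run of ASCII digits; anything else is rejected
    # before the database is touched (the caller would answer with HTTP 400).
    if not re.fullmatch(r"[0-9]{1,9}", sid):
        return None
    sql = "SELECT title FROM pages WHERE sid = ? ORDER BY pid"
    return [row[0] for row in db.execute(sql, (int(sid),))]


def check_input(db, value):
    """Report how each lookup handles one URL value."""
    try:
        weak = ("rows", lookup_concatenated(db, value))
    except sqlite3.Error as exc:
        # A SQL error caused by user input means the input reached the parser.
        weak = ("sql-error", type(exc).__name__)
    return weak, lookup_parameterized(db, value)


if __name__ == "__main__":
    db = make_db()
    for value in ("18", PAGE_STRING):
        print(repr(value), check_input(db, value))
```

A database error triggered by a form or URL value is the sign that the value is being parsed as SQL; with the bound parameter the same value never reaches the SQL parser.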