Security is one of most important things for any website. As all of the users who come to a website do not have noble intentions. So if a website has poor security it is more likely to get hacked, with little care developers can make more secure websites. In this article I am going to share some security tips and will also show you that how you can implement these tips while developing a website.
Minimize the user inputs
User inputs are most likely to get exploited by smart hackers as they are like an open gate where anyone can put any data in your website. And if you don’t take care hackers can destroy information or in worst cases can even get complete control of your website. So you should only use user data when it really is necessary to do so.
Use Whitelisting Approach
If you use the user data then use whitelisting to allow only certain type of input. You should create a list of values that you want to allow in a whitelist and before processing the user input you should check if the provided input is present in the whitelist if it is then allow the value otherwise do not. For example if we want to take first name as an input, the whitelist will be like all the alphabets as numeric first name makes no sense.
Do Not Use GET Requests
GET requests are error prone as the parameters are visible in the URL in the browser. Do not use GET even for non sensitive information as it can be a cause of some serious threats such as SQL Injection. Instead you should use the POST request if you want to pass information from one request to another.
Sanitize Inputs and Parameters 먹튀검증
As we discussed in the previous steps URL Parameters and user inputs can be very dangerous if not processed and Sanitized before use. User inputs and URL parameters should only be used when there is no other option. You can sanitize by creating a white list you should also make data more secure for database use by using addslashes or mysqli_real_escape_string for protecting against SQL injection attacks. You can also put limit on the length of parameters and user inputs. Use the php strip_tags or urlencode function to prevent Cross Site Scripting attacks.
Use one token Per Form
You should use one token for every form you can generate unique token by using language specific functions may be provided by the language you are using. After generating the token you should store it in the session and when the form is submitted you can check if the request is coming from the same form and accept or reject request. Form tokens can prevent form Session hijacking attacks where hacker can do sensitive tasks by using your session.