A Few Web Development Tips to Secure Your Web App

This is somewhat old news (the original blog was written November 2006), but it’s a really good collection of simple things we can all keep in mind to avoid gaping security holes as we develop new web applications. Included are reminders about the vulnerabilities in browsable directories, plain-text variables, and freely visible web stats from tools such as Webalizer (noted security vulnerabilities).

A few things I would add to the list include warnings about cross-site scripting vulnerabilities involved in careless variable passing (explanation here), SQL injection in forms, and predictability in the locations you place important files (system, admin, or install files). All of these items open doors for malicious outsiders to learn how your system is set up and find ways to exploit it.
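To make the first two additions concrete, here is a small added example (not code from the original post or from Michael Sutton’s list) showing the careless form-handling pattern next to its hardened form. It assumes a hypothetical `users` table in an in-memory SQLite database, constructed inline so it runs offline; the point is that the fix is the same in any language: hand user input to the database as a bound parameter, and escape it at the point where it is written into HTML.

```python
import html
import sqlite3


def make_db():
    # Constructed in-memory database with a hypothetical "users" table
    # (assumption for this example; not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, display_name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Alice"), ("bob", "Bob <admin>")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    # Vulnerable pattern: the form value is glued straight into the SQL text,
    # so quote characters in the input change the query's structure.
    sql = ("SELECT display_name FROM users WHERE username = '"
           + username + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username):
    # Hardened pattern: a parameterised query. The driver binds the value
    # separately, so it can never be interpreted as SQL.
    sql = "SELECT display_name FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def render_unsafe(display_name):
    # Vulnerable pattern: a user-controlled value is written into the page
    # verbatim, so any markup it contains becomes part of the document.
    return "<p>Welcome, " + display_name + "</p>"


def render_safe(display_name):
    # Hardened pattern: escape at the output point so the browser shows the
    # value as text instead of parsing it as HTML.
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    # A value with an embedded quote is enough to show the difference:
    # the unsafe lookup returns every row, the safe one returns no match.
    probe = "' OR '1'='1"
    print("unsafe lookup:", lookup_unsafe(db, probe))
    print("safe lookup:  ", lookup_safe(db, probe))
    print("unsafe render:", render_unsafe("Bob <admin>"))
    print("safe render:  ", render_safe("Bob <admin>"))
```

Running the script shows the unsafe lookup returning both users for a value that matches neither, while the parameterised version returns nothing; the rendering pair shows the same idea for output, where escaping turns `<admin>` into `&lt;admin&gt;` rather than letting the browser treat it as a tag.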

You may think you’re safe from hackers, spam or any sort of malicious activity, but this stuff happens all the time to all sorts of websites. All it takes is a small hole and a script-kiddie with too much time on his or her hands to turn your hard work into a nightmare.

Michael Sutton’s Blog: Top 10 Signs You Have an Insecure Web App
