Here are 5 tips to keep your website safe from hackers
- Use Clean URLs: https://www.site.com/news.php?id=1337 is far more tempting to tamper with than https://www.site.com/news/some-news-or-today
- Sanitize Inputs: The first thing a hacker will try on seeing a search box is “<script>alert(/0/)</script>”. If no sanitization is done, you are done: you have just handed the attacker a very famous low-hanging fruit called XSS.
- Control Access Properly: I’ve seen cases where simply visiting http://www.site.com/phpmyadmin gave us access to the complete database! No injection, nothing. Only the silly mistake of not setting appropriate permissions.
- Errors Say a Lot: Even an error page can reveal a lot about the web server, its folder structure, version numbers and the other technologies used by the site. So make sure only custom error pages are shown, ones that expose no internal information about the web app. Many times I’ve seen a developer forget to switch off PHP error display, and an attacker learned a lot about the site structure from those errors.
- Forget GET: Please do not submit sensitive information from forms, sign-up pages or login areas using GET parameters. Sensitive values sitting in the URL are very easy to exploit, with CSRF or in other ways.
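As an added example that is not from the original post (written in Python rather than PHP so it can be run directly, with function and variable names of my own): the search-box reflection from the "Sanitize Inputs" tip in its vulnerable and escaped forms, plus a generic error page for the "Errors Say a Lot" tip that keeps the details in the server log.

```python
import html
import logging
import traceback

log = logging.getLogger("webapp")

# Constructed sample: the probe the post says a tester types into a search box.
XSS_PROBE = "<script>alert(/0/)</script>"


def render_search_vulnerable(query: str) -> str:
    """The 'before': user input is pasted straight into the markup (do not use)."""
    return f"<h1>Results for {query}</h1>"


def render_search_safe(query: str) -> str:
    """The 'after': HTML-escape anything user-controlled before it reaches the page.

    html.escape turns < > & " ' into entities, so the probe is displayed as text and
    never parsed as a tag. This is correct for HTML body and attribute context only;
    data placed inside <script> blocks or URLs needs context-specific encoding.
    """
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"


def is_reflected_unescaped(page: str, probe: str = XSS_PROBE) -> bool:
    """Quick regression check: does the raw probe survive verbatim into the HTML?"""
    return probe in page


def error_page(exc: Exception, debug: bool = False) -> tuple[int, str]:
    """Log the full traceback server-side; show the visitor only a generic page.

    With debug=True it behaves like a forgotten 'display_errors = On': the exception
    type, message and file paths are sent to the browser, which is what the post warns
    against on a production site.
    """
    details = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    log.error("unhandled error: %s", details)
    if debug:
        return 500, f"<pre>{html.escape(details)}</pre>"
    return 500, "<h1>Something went wrong</h1><p>The error has been logged.</p>"
```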