In this blog post, I will be focusing on how to secure your website through established coding practices. If you are using an MVC framework (like CakePHP, Symfony, Zend etc) or any CMS systems (like Drupal, Wordpress etc), most of these security measures might already be in place for you. Nevertheless, it would be good to know.
- Cross-site scripting Cross-site scripting attacks are attacks that target the end user instead of your actual site. Vulnerable web applications that don’t check or validate properly incoming data let arbitrary code to run on a client computer (such as Javascript). The end result can be anything from stealing cookie data or redirecting to a different site.
-
Let us imagine that you are implementing a comment feature on your website, that lets viewers of your website leave comments. If you aren't careful in validating your in coming data, users of your website can be redirected to a different location. For example, consider the following comment: Good work!
If a user visits the comments page now it will be redirected to example.com website. To prevent this, you could use PHP strip_tags method
- SQL injection This is a subset of the an unverified/unsanitized user input vulnerability. The harm occurs when a query is run based on the user input without proper validation. For example, consider the following login form example.
- Other kinds of attacks SQL injection and Cross-site injection are just 2 of the website vulnerabilities, in addition there are other attacks like buffer overflow attack, brute-force attacks etc. Carefully devising strategies for user input validation is the best way to counter these attacks.
<form> <input name='username' type='text'> <input name='password' type='password'> </form>
On the server side, the user is validated using the following query, "SELECT * FROM users WHERE username='$_GET['username']' and password='$_GET['password']'" At first, the above query looks fine. Now if the user enters the following text -"xyz' OR '1=1'", then the user can login to the site with some dummy password 'xyz', with this he can login to any user account. This makes the whole site vulnerable. The solution for the above problem is -
1. mysql_real_escape_string() This escapes all potentially dangerous characters in the string provided by adding a '\' and returns the escaped string such that it may be safe to put into a MySQL query.
2. Use parameterized statements Example: $p = $db->prepare("SELECT * FROM users WHERE username = ?"); $db->execute( $p, array($_GET['username']) );
0 Comments