WAD - LO1 - MANAGES SECURE SITES
Describe how each of the following is implemented
1) Keeping software up to date
- Use Microsoft Update to install critical updates
2) Block SQL injection
- Blacklist malicious hosts
- Pool resources
- Minimize access
- Encrypt data
- Distrust users
- Profile the application
- Watch for automation
3) Prevent XSS
- Recursive sanitization
- Properly handle encoding/decoding
- An attacker may bypass client-side JavaScript checks
4) Providing minimal error messages
- Avoid error messages that expose database details
- Return a generic "404 page not found" error for missing pages
5) Server-side validation
- Input submitted by the user is sent to the server and validated using a server-side scripting language; after validation on the server side, the feedback is sent back to the client in a newly generated web page
6) Passwords
- Use strong passwords; avoid personal data (such as your birthdate), common words spelled backwards, sequences of characters or numbers, and keys that are close together on the keyboard
7) Denying file uploads
- Never accept the client-supplied filename and its extension
- The upload directory should not have any "execute" permission
- Restrict uploads to a small file size, as large uploads can lead to denial-of-service attacks
8) HTTPS
- Host with a dedicated IP address
- Use SSL certificates
- Information is encrypted and cannot be intercepted
9) Website security tool
- Anti-virus that can scan the website
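The three file-upload rules above (ignore the client's filename and extension, store without execute permission, cap the size) applied in one handler. This is an added example, not code from the original notes; the upload directory, the 1 MiB limit and the `.bin` extension are assumptions chosen for the demo.

```python
import os
import secrets
import tempfile

# Assumptions for this demo: a temp-based upload directory and a 1 MiB cap.
UPLOAD_DIR = os.path.join(tempfile.gettempdir(), "uploads_demo")
MAX_UPLOAD_BYTES = 1024 * 1024


class UploadRejected(Exception):
    """Raised when an upload violates the size policy."""


def store_upload(data: bytes, client_filename: str,
                 upload_dir: str = UPLOAD_DIR,
                 max_bytes: int = MAX_UPLOAD_BYTES) -> str:
    """Persist an upload and return the server-chosen stored name.

    client_filename is accepted only so the caller can log it; it is never
    used for the path, so traversal sequences or a ".php" extension in it
    have no effect on where or how the bytes are stored.
    """
    if len(data) > max_bytes:  # size cap against upload-based denial of service
        raise UploadRejected(f"{len(data)} bytes exceeds limit of {max_bytes}")
    os.makedirs(upload_dir, mode=0o750, exist_ok=True)
    # Random name plus a fixed, non-script extension replaces the client's name.
    stored_name = secrets.token_hex(16) + ".bin"
    path = os.path.join(upload_dir, stored_name)
    # O_EXCL refuses to overwrite an existing file; 0o640 sets no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored_name


def stored_path(stored_name: str, upload_dir: str = UPLOAD_DIR) -> str:
    return os.path.join(upload_dir, stored_name)


def read_stored(stored_name: str, upload_dir: str = UPLOAD_DIR) -> bytes:
    with open(stored_path(stored_name, upload_dir), "rb") as fh:
        return fh.read()


def is_executable(path: str) -> bool:
    """True if the current user could execute the file at path."""
    return os.access(path, os.X_OK)
```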