01. Keep software up to date
It may seem
obvious, but ensuring you keep all software up to date is vital in
keeping your site secure. This applies to both the server operating
system and any software you may be running on your website such as a CMS
or forum. When website security holes are found in software, hackers
are quick to attempt to abuse them.
If you are using a managed
hosting solution then you don't need to worry so much about applying
security updates for the operating system as the hosting company should
take care of this.
If you are using third-party software on your
website such as a CMS or forum, you should ensure you are quick to apply
any security patches. Most vendors have a mailing list or RSS feed
detailing any website security issues. WordPress, Umbraco and many other
CMSes notify you of available system updates when you log in.
02. SQL injection
SQL injection attacks
are when an attacker uses a web form field or URL parameter to gain
access to or manipulate your database. When you use standard Transact
SQL it is easy to unknowingly insert rogue code into your query that
could be used to change tables, get information and delete data. You can
easily prevent this by always using parameterised queries, most web
languages have this feature and it is easy to implement.
03. Error messages
Be careful with how
much information you give away in your error messages. For example if
you have a login form on your website you should think about the
language you use to communicate failure when attempting logins. You
should use generic messages like “Incorrect username or password” as not
to specify when a user got half of the query right. If an attacker
tries a brute force attack to get a username and password and the error
message gives away when one of the fields are correct then the attacker
knows he has one of the fields and can concentrate on the other field.
Si después de leer el artículo podemos ayudarte, no dudes en contactarnos estaremos encantados de hacerlo. ¡Así que solo tienes que decirnos!
