National Space Policy

National Space Policy

Top10 tips for your secured website design

In these days, many web programmers are not making securable websites. The programmers add more readymade things such as hit counters, chat links, calendars, and etc. It is not recommended for secured and perfect website designs. Most of the hackers are hacking websites and servers using plenty of ways. If you want to design 100% secured website and avoid Vulnerabilities websites, you must follow this 10 things

By: Tamilvanan

" April 2008 hundreds of thousands of Microsoft Web Servers Hacked.

Hundreds of thousands of websites - including several at the United Nations and in the UK. Government have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Wind to install malicious software on visitors machines.

The attackers appear to be breaking into the sites with help of a security vulnerability in Microsoft's Internet Information Services (IIS) Web Servers. In an alert issued last week of April 2008, Microsoft said it was investigating reports of an unpatched flaw in IIS servers. But at the time it noted that wasn't aware of any one trying to exploit that particular weakness." ( Thanks Mr. Brain Krebs and mr.John Mitchell )

In these days, many web programmers are not making securable websites. The programmers add more readymade things such as hit counters, chat links, calendars, and etc. It is not recommended for secured and perfect website designs. Most of the hackers are hacking websites and servers using plenty of ways.

  If you want to design 100% secured website and avoid Vulnerabilities websites, you must follow this 10 things,

Do not add any third party tools. Except reputed companies tools (Such as IBM, Microsoft and etc.,). Check your codes carefully, its may contain any cross scripts, and meaningless codes. Sql Injections and input validations.

           Input Validation Vulnerability

                      Untrusted user input in SQL query to back-end database

                      Without sanitizing the data

           Specific case of more general command injection

                       Inserting untrusted input into a query or command

            Why Bad?

                      Supplied data can be misinterpreted as a command

                      Could alter the intended effect of command or query

Cross-site request forgery Use powerful firewall and antivirus support to your design. Select perfect secured server and service provider for hosting. Avoid free web space providers. Do not host your site from another one computers. Be aware of Key logger's software. Verify authentications codes and nature.

For example,

Vaiable = isaccessfunction(user)

If ismatch(variable) then

{

            access pages;

}

else

{

            do not permit to access;

            }

this is looks fine but not secure. A perfect code is below

Variable=wronguser;

Variable = isaccessfunction(user)

If user is valid then

{

            access pages;

}

else

{

            do not permit to access;

            }

Be aware, To offer Maximum Security policy to your customers.

Thanks

Tamilvanan.R, IT Executive.