
Security Must-Do's on a site?

Posted: Sat Oct 29, 2005 1:06 pm
by Sequalit
Hello, I'm wondering if there is a list of security do's out there somewhere, something that says like

"If you have a form that a user submits username/password:
You must encrypt password and (insert different security features here)"

or like if you're uploading a file, what must you do to make sure it's not a virus or anything?
Stuff like that. Just a rundown on what you need to do to properly secure your website.

I know you can never keep a website 100% secure, but there are simple easy ways of keeping your entire website
from being compromised. Just can't find a list of 'em all... =)

thanks..

-Sequalit

Posted: Sat Oct 29, 2005 1:12 pm
by Jenk
All input, from any and every source, should be filtered, validated and escaped.

[/discussion] :p

Re: Security Must-Do's on a site?

Posted: Sat Oct 29, 2005 1:29 pm
by timvw
You can find a number of good articles at http://phpsec.org/library/..

As you already noticed, validating all your input is important. The other important thing is to validate all your output (you don't want to be wide open for CSS/XSS attacks).
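The two rules in Jenk's and timvw's replies (validate every input; escape every output for the context it lands in) put into working PHP, as an added example that is not part of the thread. It validates a username with a whitelist pattern, uses a prepared statement for the SQL context, and escapes with htmlspecialchars() for the HTML context. The in-memory SQLite database, the "users" table and the sample inputs are constructed for the demo.

```php
<?php
// Added example, not from the thread: filter/validate one form field,
// then escape it separately for SQL and for HTML.
// Assumptions: PHP 7+ with PDO and the SQLite driver; the "users" table
// and the sample inputs below are constructed for the demo.

declare(strict_types=1);

// 1. Validate: whitelist the shape you accept instead of trying to
//    strip "bad" characters out of whatever arrived.
function validate_username($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    // 3-20 characters, letters, digits and underscore only.
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $raw) === 1 ? $raw : null;
}

// 2. SQL context: a prepared statement with a bound parameter, never
//    string concatenation, so quotes in the value cannot change the query.
function find_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. HTML context: htmlspecialchars() with ENT_QUOTES and an explicit
//    charset turns < > & " ' into entities, so "<script>" or a stray
//    quote cannot break out of the markup (the output-side XSS defence).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// --- demo with constructed data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice')");

$samples = [
    'alice',                      // well-formed
    "alice' OR '1'='1",           // SQL injection attempt
    '<script>alert(1)</script>',  // XSS attempt
];

foreach ($samples as $raw) {
    $name = validate_username($raw);
    if ($name === null) {
        // Reject outright; even when echoing the bad value back, escape it.
        echo 'rejected: ' . h($raw) . "\n";
        continue;
    }
    $user = find_user($db, $name);
    echo $user === null ? "no such user\n" : 'hello, ' . h($user['username']) . "\n";
}
```

The point of keeping the three steps separate is that "escaping" is context-specific: the SQL escaping happens in the prepared statement, the HTML escaping in h(), and neither replaces the whitelist check up front. Run it with `php example.php`; the two hostile samples are rejected and printed back as harmless entities.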

Posted: Sat Oct 29, 2005 3:09 pm
by Sequalit
What is a CSS/XSS attack?
And what does escaping do, and how do you do it?

Oh, and thanks for the link to that site, it's invaluable.

Posted: Sat Oct 29, 2005 3:57 pm
by timvw
CSS or XSS = Cross Site Scripting
CSRF = Cross Site Request Forgery

If you read the articles, e.g. the Brainbulb php-security one, you will find a couple of practical examples..
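Since the reply only expands the acronym, here is what a CSRF defence looks like in PHP, as an added example that is not from the thread or from the linked articles: a per-session synchronizer token that every state-changing form must echo back. The session is simulated with a plain array so the script runs from the command line; in a real application the same functions would operate on $_SESSION.

```php
<?php
// Added example, not from the thread: synchronizer-token CSRF protection.
// Assumptions: PHP 7+ (random_bytes, hash_equals). The $session array
// stands in for $_SESSION and the three POST bodies are constructed.

declare(strict_types=1);

// Create the token once per session; reuse it for every form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to embed in each form that changes state.
function csrf_field(array &$session): string
{
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $t . '">';
}

// Verify on every POST before doing anything with the request.
function csrf_check(array $session, array $post): bool
{
    if (empty($session['csrf_token'])
        || !isset($post['csrf_token'])
        || !is_string($post['csrf_token'])) {
        return false;
    }
    // hash_equals compares in constant time, so the token cannot be
    // recovered byte by byte through response timing.
    return hash_equals($session['csrf_token'], $post['csrf_token']);
}

// --- demo with a simulated session and constructed POST bodies ---
$session = [];
$form = '<form method="post" action="/change-email">'
      . csrf_field($session)
      . '<input name="email"><button>Save</button></form>';
echo $form, "\n";

// A form served by this site carries the session's token.
$legit = ['email' => 'me@example.com', 'csrf_token' => $session['csrf_token']];
// A form on an attacker's site cannot read the victim's session, so it
// either omits the token or has to guess it.
$forged  = ['email' => 'attacker@example.com'];
$guessed = ['email' => 'attacker@example.com', 'csrf_token' => str_repeat('0', 64)];

foreach (['legit' => $legit, 'forged' => $forged, 'guessed' => $guessed] as $label => $post) {
    echo $label, ': ', csrf_check($session, $post) ? "accepted\n" : "rejected\n";
}
```

Only the request that carries the token issued to that session is accepted. Note that this defence assumes the attacker cannot read the token, which is exactly why the XSS protection in the earlier replies matters: a script injected into the page can read the hidden field and defeat the check.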