Friday, June 21, 2019
Developing an interactive secure website Research Paper
The extensive growth and use of the internet over the years have led to websites and web applications facing more threats and vulnerabilities each day. This demonstrates the importance and emphasis that developers and website administrators have placed on web security. Web security does not entail securing only the web application, but also securing the web server and the web users. This article aims at explaining the various forms of threats, attacks and vulnerabilities that web applications, servers and users face. It will also show various methods of how to prevent, minimize and deal with security loopholes that attackers exploit. The importance of ensuring the security of websites, web servers and users cannot be underestimated (Braithwaite, 2002).

Discussion

There are various vulnerabilities that web applications and websites face. These threats range from security loopholes that are created during development to those at the servers and at the user interfaces. This discussion will mostly focus on the security of website applications developed using the PHP language and driven by an SQL database.

PHP functions Security

Developing website applications using PHP is relatively easy since its syntax and semantics can easily and quickly be grasped. The buck, though, doesn't stop here. It has the capability of performing diverse functions when it is working seamlessly and flawlessly with HTML. The fact that it is open source and also works well with other open source tools and languages such as the MySQL database and the Apache Server makes it one of the most preferred web development languages for developers and very much targeted by hackers and malicious web users. Many developers, especially beginners, ignore or forget the aspect of security (Shaw, 2001). It is worth noting here that even advanced developers sometimes write code that is vulnerable to attacks. PHP can work even if there are security loopholes in the coding. These loopholes are not hard to locate in PHP and are what malicious web users look for. Although PHP offers some great features that can be used to minimize security vulnerabilities, it is up to the developer to utilize them (Braithwaite, 2002). Securing PHP applications entails limiting coding errors as much as possible. Common types of PHP security loopholes are:

Error Reporting

This is a PHP tool that allows diagnosis of errors and quicker, easier fixing. It is also a potential security vulnerability when not properly used, such as when errors are publicly visible to users on-screen. It reveals information such as security loopholes in the code. display_errors should be turned off, or given the value 0, so that errors cannot be viewed on-screen by users. If display_errors is turned on, or given the value 1, errors will be displayed on-screen to users, posing a security threat that hackers can exploit. You can, however, opt to report errors by enabling log_errors. This is done by turning on log_errors and giving the location of the log using error_log.

Register_Globals

Writing PHP applications is made more convenient and simpler by the use of register_globals. This, however, poses a great threat in terms of security. register_globals should therefore always be turned off. If it is turned on, users who are neither authenticated nor verified can inject variables into the application, thus gaining administrative access to it. A good example is where a user may append the value ?admin=1 to the end of a page URL and gain access to the site's administrative areas that might require a secure password, e.g.

    if (isset($_POST['pwd']) && $_POST['pwd'] == 'wxyz') $admin = TRUE;

If register_globals is turned off, this kind of forced access cannot occur.
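The error-reporting settings and the register_globals bypass described above, as an added example that is not part of the original article. It assumes that extract() may stand in for register_globals (the directive was removed in PHP 5.4); the function names, log path, requests and stored hash are constructed for illustration.

```php
<?php
// Added example; the requests and the credential below are constructed.

// Error reporting as recommended above: nothing on screen, errors go to a log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', sys_get_temp_dir() . '/app_errors.log'); // assumed path

// register_globals turned request parameters into variables of the same name.
// extract() reproduces that effect; the directive was removed in PHP 5.4.
function is_admin_vulnerable(array $get, array $post): bool
{
    extract($get);  // ?admin=1 becomes $admin = '1'
    extract($post);
    if (isset($post['pwd']) && $post['pwd'] == 'wxyz') {
        $admin = true;
    }
    // $admin is never initialised, so an injected value survives to here.
    return !empty($admin);
}

// Hardened form: initialise the flag, read only the named POST field,
// and verify it against a stored password hash instead of a literal.
function is_admin_hardened(array $post, string $storedHash): bool
{
    $admin = false;
    $pwd = $post['pwd'] ?? null;
    if (is_string($pwd) && password_verify($pwd, $storedHash)) {
        $admin = true;
    }
    return $admin;
}

$storedHash = password_hash('wxyz', PASSWORD_DEFAULT); // constructed credential

// Constructed request: ?admin=1 on the URL and no password submitted.
$get  = ['admin' => '1'];
$post = [];

printf("vulnerable, ?admin=1, no password: %s\n",
    var_export(is_admin_vulnerable($get, $post), true));
printf("hardened,   ?admin=1, no password: %s\n",
    var_export(is_admin_hardened($post, $storedHash), true));
printf("hardened,   correct password:      %s\n",
    var_export(is_admin_hardened(['pwd' => 'wxyz'], $storedHash), true));
```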
Therefore, it is advisable to consider using predefined PHP variables such as $_POST, $_ENV, $_COOKIE, $_SERVER or $_GET to ensure tight security.

Cross-Site Scripting (XSS)

Hackers use this method to collect website