POTENTIALLY DANGEROUS FILE UPLOADS
- Malware upload – If an attacker can upload malware onto your site and that malware is downloaded and executed by your users, then that’s likely to be a problem.
- Active content upload – For example, if your site uses PHP, hackers can upload a PHP script, get it to run as part of your application and eventually take control of the server.
- Illegal content – If you allow user-generated content, you’re most likely to deal with it sooner or later.
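
One way to guard against the active content upload described above, shown as an added example that is not code from the original article: a PHP upload handler that checks the file's real content type against an allowlist, assigns its own file name and extension, and stores the file outside the web root. The allowed types, size limit, storage path and the form field name are assumptions.

```php
<?php
declare(strict_types=1);

// Allowlist: MIME type detected from content => extension we assign ourselves.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES  = 2 * 1024 * 1024;          // assumed size limit (2 MiB)
const UPLOAD_DIR = '/var/app-data/uploads';  // assumed path, outside the web root

/**
 * Validate one entry of $_FILES and store it. Returns the stored file name.
 */
function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Detect the type from the content; ignore the client-supplied name and type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // Server-generated name: the user never controls the extension (e.g. .php).
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $name;
}

// Usage in a request handler (the field name 'attachment' is an assumption):
// $stored = store_upload($_FILES['attachment']);
```

A content-type check alone does not prove a file is harmless, which is why the handler also keeps uploads out of any directory the web server will execute scripts from.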
FORTIFY YOUR PASSWORDS
- Make sure you change your passwords regularly.
- Don’t use names or numbers associated with you, such as your birth date, anniversary, etc.
- The longer the password, the better.
WEBSITE SECURITY TOOLS
- Grabber – A web application scanner that can detect multiple security vulnerabilities in web applications. It performs scans and tells you where each vulnerability exists. Its checks include SQL injection, XSS, Ajax testing and a JS source code analyzer. It is simple and portable, but not as fast as other security scanners.
- OpenVAS – Considered to be one of the most advanced open-source security scanners.
- Zed Attack Proxy – Also known as ZAP, it is available for Windows, Unix/Linux and Macintosh operating systems. If you are new to these testing platforms, this tool is very simple and easy to use. ZAP's main features include an intercepting proxy, dynamic SSL certificates, authentication support, Plug-n-Hack support, etc.
Follow these simple guidelines to help keep your website safe. If you are a web hosting provider, urge the customers who run their websites on your hosting service to stick to these must-follow reminders. Let us know your thoughts on this.