Adding a simple authentication using PHP require and includes

Please note that this tutorial has now been superseded by a later, more in-depth tutorial available here. Continuing on with our to-do application, in this week's snippet we're going to be using PHP's require_once function. The require_once function is similar to the require function, in that it will execute and include any PHP code within the calling file, but with one vital difference: it will only execute once. This is important for us in this tutorial as we are going to use it to validate our user. There...

A Simple Way to Stop Bandwidth Theft from Your Website

Boosting online traffic is one of the main goals for virtually every website on the Internet. A conscientious site owner, seeking to optimize performance, will regularly check detailed traffic logs available through their hosting account or a third-party service, like Google Analytics. One very big potential problem that can be quickly detected involves the unauthorized use of files from your website by another Internet property. You must be watchful for this practice, especially if your site...

Scan for Website Vulnerabilities with WebScarab

Web applications remain the largest security risk for any company. The reason is two-fold. First, most software services have moved to a web-based environment, giving malicious hackers a much larger landscape to attack. Second, most organizations put a majority of their resources, i.e. dollars and manpower, into network and perimeter security, leaving the web unguarded. In most cases, it is up to the web developer to secure sites as best they can. Those who know how to patch known vulnerabilities in...

What Web Developers Need to Know About Cross-Site Scripting

Alice created a new social network for snowboarders to promote her company’s new line of boards. Now, a member of the social network can read reviews from other satisfied customers and click a link that brings them right to a shopping cart feature so they can make an easy purchase. Happy with the way things look, and with the thought of all the potential sales, her boss gives her the OK for the site to go live. Mallory visits the network and creates a review of her own. Noticing that she can enter a client-side...

How to Secure WordPress Part 2 – The Plugins

In Part 1 of this series we took a look at how you can better secure your WordPress files during, and after, the installation of the software. But once you have the files hardened against different threats, it is time to start looking at some of the different plug-ins available that can help you further protect and secure your WordPress site. WordPress Firewall 2 ... Having worked with a company that deals with web application firewalls, I can tell you from firsthand experience that these are by far one...

What Developers Need to Know About Cross Site Request Forgeries

Cross Site Forgery, or cross-site request forgery (CSRF), is a web-based attack where a malicious web site, instant message, email, or program causes the victim’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. For example, let's say I am logged into my bank account, or cookie information is stored from a recent login, and I click on a malicious link. As a result, the link causes me to transfer money from my account (which I am logged into) to the...

How to Secure WordPress Part 1 – The Basics

WordPress is easily one of the most popular web applications in use, and that makes it quite a target for malicious hackers using PHP injections, SQL injections, Cross-Site Scripting and many others to compromise blogs that are not secure. You see, WordPress made its bones on how easy it is to install and use. Users quickly get hung up on finding, or designing, the right template for the blog’s UI and activating all the plug-ins needed to enhance the site’s functionality. Unfortunately not many...

Top Three Lists Regarding Web Application Security

I recall a project I worked on a few years ago where I was tasked with overseeing the security of a website we were building. When I sat down with the chief programmer I wanted to discuss three types of vulnerabilities with him: cross-site scripting, SQL injection and information leakage. His response was simply, “I don’t know anything about this stuff and I don’t care. That’s your job.” While other web developers I have worked with aren’t generally so curt in their response, I have noticed...