How to secure your website php

-
Writing a PHP application is very easy. But sometimes they do simple mistake which is very detrimental for application. If you made an application, How users can trust on your application?  In this article, I am going to give you some basic security tips to help you protect your users trust in your application. User likes secure site.
  1. Protect your servers
  2. Protect your network
  3. Protect your application
  4. Protect against request forgeries
  5. Protect against Cross-Site-Scripting

1. Protect your servers: 
  • The important part of protecting server is Firewall. After establishing your server, must need to set up Firewall. 
  • Keep your web server software up-to-date
  • Use SSH for secure connection & copy your file remotely. SSH will help you to make sure all information goes out and in of the system remains private & protected from third party users(Hacker).
  • Keep your server location secret. 
  • Hackers can know lots of thing by your system servers IP addresses. So, you need to avoid giving your digital information to the third party user. 
  • Mix up your password with UPPER, lower, number(123...) & symbol(&*@....). So that third party user can't guess what's your password is! 
2. Protect your network:  Through this point, I want to tell you that without your web server no one can directly interact with your web server.


3. Protect your application: 
  • First of all you need to ensure that your code is bullet proof. No one can bypass your filtering system. mysql_real_escape_string this function prevents lots of attacks on your application.
*** phpStartTag ***

$cleanEmail = [];

$emailPattern = '/^[^@\s<&>]+@([-a-z0-9]+\.)+[a-z]{2,}$/i';

if (preg_match($emailPattern, $_POST['email']))

{
   $clean['email'] = $_POST['email'];

}

*** phpEndTag ***
This is just a sample of manually email validation. Same thing can be happened with the PHP email validation function. I can't show you the every validation of input fields. There are lots of function in php for validation. Keep looking & comment below if you don't understand.  
  • Use cookie or session whatever you want. But I suggest to use cookie. Yes cookie with secret signature. When a user wants to login with his username & password, create a secret signature and store it in cookie. So that, user information will be protected. Do not store username & password in the cookie or session. 
  • If you can use your own encryption code or use PHP encryption functions. But remember that 'base64_encode' & 'convert_uudecode' will increase the size of data.  

FREE TIPS: If you want to fast your PHP application you need to purge unused/unnecessary user data. And it also help to protect your application. 

4. Protect against request forgeries:  In here, the main thing is confirm the requests coming towards to your application created from your application. And Use POST rather than GET in forms. Here is the brief description.

5. Protect against Cross-Site-Scripting:  In this case, you need to ensure that first user cannot steal information from second user. For prevent this types of attack.
  • Filter all external dataknowledge
  • Use PHP functions like htmlentities(), strip_tags(), and utf8_decode() can be useful.
  • Use whitelists, whitelist means you will allow only those characters which can be needed. In most cases '<' and '>' characters do not need to be accepted. 

Through this article, I couldn't give you the every step description. But I think I gave you the tips of How to secure your website? 
Knowledge about the filtering data, protect against attacks etc.  


Enjoy the article.
Comment below.
Have a great life :) 

Comments

Post a Comment

Thanks for comment

Popular posts from this blog

Automatic Date and Time Enable Kali Linux

-
In some linux computer there is  problem with ' Automatic Date and Time ' update. But they little bit confused how to solve it. Some people say it uninstall NTP (Network Time Protocol) and then reinstall it problem will be solved. But there are few things what I am going to describe about this. First of all,  let me say that what I am faced about the clock problem in Kali linux. Whenever I open my laptop I need to set Time and Date in Kali linux. But as I know it should be worked automatic. Then I had seen that, in my 'Date & Time' settings 'Automatic Date and Time' is not enabled. Whenever I have tried to enable it, it instantly jumps to the left side. It's not enabling. After lots of research I have come with a solution. You may can set the Hardware/System or NTP time synchronization system. I will show you the both things. But I would suggest you to use the NTP. It is little bit tough to configure but once you have done it will work till you dea
Read more

The Benefits and Information of USB Type C

-
Image
USB stands for Universal Serial Bus. And a USB cable is used mainly for power transfer. There are a lot more things that it can do despite this.  And when we are talking about USB type C, we need to know it's the latest version of all the other USB cables.  To get a better idea of it, let's dive into the detailed explanation of it. What is USB Type C? The USB Type C is a connector for transmitting both electricity and data through a single cable. It is developed and manufactured by the USB Implementers Forum or USB-IF. This is considered an industry-standard connector that works pretty well to get the power into any electric device. In this modern age, USB-C serves many good features, which makes it a compulsory thing, especially for new-technology gadgets. If we talk about USB-IF, it works with more than 700 companies that include Intel, HP, Samsung, Apple, Microsoft, Dell, and lots more. Besides, USB-IF provides authentic reviews of the quality and helps a lot to its developm
Read more

2 Common E-Mail Problems!

-
When it functions admirably, email can be incredible. It's difficult to beat email for everything from keeping in contact with family to asking for data from organizations or different associations. Need to send a similar message to a few people? Speak with somebody over the landmass? Transmit photographs, compositions or other data? For speed and productivity, this practically momentary medium is a standout amongst the most advantageous highlights of present day life. In any case, email isn't without issues. In the event that you enter for the sake of an expected beneficiary yet your message holds ricocheting back, you probably won't sing email's gestures of recognition. Likewise for connections that won't open or other such disturbances. With only a little persistence, however, you can promptly conquer most email issues. What takes after are 4 regular email issues alongside answers for conquering them. Issue Returned Messages This might be the mo
Read more