Ensuring the code safety - Webmaster. Help

Üzgünüz, bu belge Türkçe diline henüz çevrilmedi.
Sayfada belgenin varsayılan dili gösterilmektedir: İngilizce.

Ensuring the code safety

The article "Ensuring a website safety" is provided by Sophos Plc and SophosLabs.

December 2007.

Developing a secure code is not always as easy as it seems. For this, you need not only experienced programmers but also the knowledge about specific security problems [12]. There are many books about secure code development. Here we just present the basics [13].

Always disable global variables since they can be intentionally initialized with a forged GET or POST request.
Disable error messages. Instead, write error information in a log file. Error information may allow the attackers to provoke a similar problem and use it for finding other vulnerabilities.
Don't trust the data provided by the users as secure. Remove special SQL characters and escape sequences using filters.

Was the article useful?