Ensuring code safety

The article "Ensuring website safety" is provided by Sophos Plc and SophosLabs.

December 2007

Writing secure code is not as easy as it may seem: it requires not only experienced programmers but also knowledge of the specific security problems involved [12]. Many books cover secure development; here we present only the basics [13].

  • Always disable the automatic registration of request parameters as global variables (in PHP, the register_globals directive). When it is enabled, any variable the script has not initialised can be set to an attacker-chosen value simply by adding a parameter of that name to a forged GET or POST request.

  • Do not display error messages to the user; write the error details to a log file instead. A displayed error reveals file paths, query text and software versions, which lets an attacker reproduce the fault deliberately and use it to find further vulnerabilities.

  • Never treat data supplied by users as trustworthy. Validate every input, and filter or escape special SQL characters and escape sequences before the data reaches a query; where the database interface supports them, parameterised queries (prepared statements) are the more reliable way to keep user data out of the SQL syntax.
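The three rules above, shown side by side on a small login handler. This is an added example and not code from the Sophos article; the users table, the sample credentials, the forged request parameters and the log file location are all constructed here. Python's sqlite3 module stands in for whatever database the application uses, and the first pair of functions simulates register_globals by copying the request parameters into the handler's state, which is not something a Python web framework does on its own.

```python
import logging
import os
import sqlite3
import tempfile

# Constructed for this example: error details go to this file, never to the client.
_fd, LOG_PATH = tempfile.mkstemp(prefix="webapp-errors-", suffix=".log")
os.close(_fd)
_log = logging.getLogger("webapp-example")
_log.setLevel(logging.ERROR)
_log.addHandler(logging.FileHandler(LOG_PATH))


def make_db():
    """In-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


# --- Rule 1: request parameters must not become program variables ----------

def login_globals_style(conn, params):
    """Vulnerable: simulates register_globals by loading every request
    parameter into the handler's state before the password check runs, so a
    forged 'authorized=1' parameter wins even when the password is wrong."""
    state = dict(params)
    row = conn.execute("SELECT 1 FROM users WHERE name=? AND password=?",
                       (params.get("user", ""), params.get("password", ""))).fetchone()
    if row:
        state["authorized"] = True
    return bool(state.get("authorized"))


def login_explicit(conn, params):
    """Hardened: the decision variable has a fixed initial value and only the
    two named parameters the handler needs are read from the request."""
    authorized = False
    user = params.get("user", "")
    password = params.get("password", "")
    row = conn.execute("SELECT 1 FROM users WHERE name=? AND password=?",
                       (user, password)).fetchone()
    if row:
        authorized = True
    return authorized


# --- Rule 3: untrusted input in SQL ----------------------------------------

def login_concat(conn, user, password):
    """Vulnerable: input pasted straight into the query text."""
    sql = (f"SELECT 1 FROM users WHERE name='{user}' "
           f"AND password='{password}'")
    return conn.execute(sql).fetchone() is not None


def sql_escape(value):
    """The 'filter' of the third rule: doubling a single quote is the SQL
    escape inside a string literal. It stops the quote payload below, but it
    only covers the string-literal context; prefer placeholders."""
    return value.replace("'", "''")


def login_escaped(conn, user, password):
    sql = (f"SELECT 1 FROM users WHERE name='{sql_escape(user)}' "
           f"AND password='{sql_escape(password)}'")
    return conn.execute(sql).fetchone() is not None


def login_param(conn, user, password):
    """Hardened: placeholders keep the data out of the SQL grammar entirely."""
    row = conn.execute("SELECT 1 FROM users WHERE name=? AND password=?",
                       (user, password)).fetchone()
    return row is not None


# --- Rule 2: what the client sees when the database raises an error -------

def handle_login(conn, user, password, impl, display_errors):
    """Wraps one of the login functions. display_errors=True reproduces the
    bad configuration: the raw database error (which includes the failing
    SQL) reaches the client. display_errors=False logs it and returns a
    generic message."""
    try:
        return ("ok", impl(conn, user, password))
    except sqlite3.Error as exc:
        if display_errors:
            return ("error", f"Database error: {exc}")
        _log.error("login failed for user=%r: %s", user, exc)
        return ("error", "Login failed")


def logged_errors():
    """Contents of the error log, for inspection after a request."""
    with open(LOG_PATH) as fh:
        return fh.read()


if __name__ == "__main__":
    db = make_db()
    forged = {"user": "alice", "password": "wrong", "authorized": "1"}
    print("globals-style:", login_globals_style(db, forged))   # True: bypass
    print("explicit:     ", login_explicit(db, forged))        # False
    payload = "' OR '1'='1"
    print("concat:       ", login_concat(db, "alice", payload))  # True: bypass
    print("escaped:      ", login_escaped(db, "alice", payload))
    print("param:        ", login_param(db, "alice", payload))
    print(handle_login(db, "alice", "a'b", login_concat, display_errors=True))
    print(handle_login(db, "alice", "a'b", login_concat, display_errors=False))
    print("log:", logged_errors().strip())
```

Running the script shows the forged `authorized` parameter and the `' OR '1'='1` payload succeeding only against the vulnerable variants, and the malformed `a'b` password producing a query-revealing message in one configuration and a bare "Login failed" plus a log entry in the other.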