Ensuring code safety
The article "Ensuring website safety" is provided by Sophos Plc and SophosLabs.
December 2007.
Developing secure code is not always as easy as it seems. It requires not only experienced programmers but also knowledge of specific security problems [12]. Many books cover secure code development; here we present only the basics [13].
- Always disable automatic global variables, since an attacker can set them deliberately with a crafted GET or POST request.
- Disable the display of error messages; write error details to a log file instead. Error details can let an attacker reproduce the problem and use it to find other vulnerabilities.
- Never treat data supplied by users as trusted. Use filters to remove or escape special SQL characters and escape sequences.