In reality, using security certificates does not improve the security of the site itself, but it does improve the security of the information that moves through it, especially in e-commerce, where sensitive user data is usually sent.
This type of certificate encrypts the information sent through the web page, so that someone who intercepts the traffic cannot decrypt the data unless they also obtain the encryption key.
Another aspect that everyone should spend some time on is defining the permissions that a file can have. This determines who can do what with it. A file has three permissions available and each of them is represented with a value:
To allow several permissions, we only have to add the numbers. For example, to indicate that the user can read and write, the user permission is set to 6.
If, for example, we want the owner to have read and write access, the group to have read-only access, and the public to have no access, the file's permissions should be set to 640.
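The following is an added example, not part of the original article, showing how the digits of a mode such as 640 are built and how to check a file against it. It assumes the standard Unix values read = 4, write = 2 and execute = 1; the function names and the file name `config.php` are hypothetical, and the sample file is constructed in a temporary directory.

```python
import os
import stat
import tempfile

# Standard Unix permission values (assumed; the article's list is missing).
READ, WRITE, EXECUTE = 4, 2, 1


def digit_to_rwx(digit):
    """Turn one octal digit (0-7) into its rwx string."""
    return "".join(
        flag if digit & value else "-"
        for flag, value in (("r", READ), ("w", WRITE), ("x", EXECUTE))
    )


def describe(mode):
    """Split a mode such as 0o640 into owner, group and public permissions."""
    shifts = (("owner", 6), ("group", 3), ("public", 0))
    return {who: digit_to_rwx((mode >> shift) & 7) for who, shift in shifts}


def excess_bits(actual, allowed):
    """Permission bits set on the file that the allowed mode does not grant."""
    return (actual & 0o777) & ~allowed


def audit(path, allowed=0o640):
    """Return (actual mode, excess permissions per class or None if compliant)."""
    actual = stat.S_IMODE(os.stat(path).st_mode)
    extra = excess_bits(actual, allowed)
    return actual, (describe(extra) if extra else None)


def demo():
    """Audit a constructed sample file before and after tightening it to 640."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.php")  # hypothetical file name
        open(path, "w").close()
        os.chmod(path, 0o666)  # deliberately too open
        before = audit(path)
        os.chmod(path, 0o640)  # the value from the article
        after = audit(path)
    return before, after


if __name__ == "__main__":
    print(describe((READ + WRITE) << 6))
    print(demo())
```

Run against a real web root, `audit` can be called for each file to list the ones that grant more than the intended mode.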
Today most web applications use databases to store the information displayed on the site or the data that users send through its forms. Some of that information can be of great importance. In these cases, it is a good idea to encrypt the stored data, so that if someone gets into our server's database, they cannot read the information and will see only meaningless letters and numbers. This is the case for passwords or bank account numbers, information that should always be encrypted using an algorithm designed for that purpose.
As strange as it may seem, not everyone performs backups. If an attack has infected our site, the safest way to end it is to restore a backup that we have made of our portal.
Backups also guarantee that our information is saved if some kind of catastrophic event occurs. Of course, do not keep the copy on your own computer, but on an external medium stored in a different place from the server.
It is very important to audit our site for vulnerabilities. Several tools perform this type of analysis automatically, such as Nikto or W3AF.
These tools usually send a large number of HTTP requests to gather information, and then report to the user the vulnerabilities they have found.
If we configure cookies as “secure”, we ensure that they are only exchanged between the browser and the application over HTTPS. By marking them as “httponly”, we prevent scripts from accessing the information stored in them, which reduces the chances of a cross-site scripting attack reading them.
There are hundreds of companies on the market that provide hosting services, but not all of them offer the same level of security. It is very important that the hosting provider has an intrusion detection and prevention system and offers security barriers to block possible attacks, such as a firewall on its systems.
A good practice is to block the protocols used for administration (Remote Desktop or Terminal Service, telnet, ssh, webmin, usermin and, if possible, ftp) so that they can only be accessed from the IP addresses that the user normally uses for management. In this way, even if an attacker obtains our passwords, they cannot connect because they do not have an authorized IP.