Tip #2
Be Paranoid About User Input
One of the most vulnerable areas of the web today is user forms. Websites use forms for all sorts of purposes. Whether you use forms to take orders, receive contact information or allow comments on your blogs or message boards, you need to start with one unbreakable rule: Read more…
Tip #3
Keep your security patches up to date
Security patches exist because someone has discovered a flaw in your operating system, application, web form or configuration. Security patches are a must for open source and well-known applications. Microsoft has the largest share of the OS market. Finding a flaw in Windows means a hacker could have access to tens of millions of networks and computers. Big find means big money. The same is true of open source systems like WordPress and Joomla. They are not only in wide use, but hackers can access the source code. With the source code available they can look for and test new exploits. Read more…
Tip #4
Be Paranoid About Your Identity
Bots crawl the internet 24 hours a day, seven days a week, looking for useful information. These bots are hungry for information and with high-speed processing, low security, and unconcerned websites, they get their fill.
Social communities like Facebook, MySpace and even Craigslist can provide the opportunities and the information for disaster. Identity thieves need just a little bit of data to reconstruct enough of an identity to get credit cards, loans or access to your bank account. Read more…
Tip #5
Be Paranoid About Your Website Traffic
Website hacks happen in one of two ways: from external sources or from internal sources.
You’ve established strong passwords, validated user input, kept your software updated and limited viewable personal and business data. You’re paranoid and off to a great start. But now you need to monitor your website traffic.
Whether you are on Windows Server or a flavor of Unix and Apache, all servers create several types of traffic logs. These logs can provide lots of information, including SMTP access, password-cracking attempts, and website access and error logs.
Website logs are your friends. Use them. If you don’t have access to these logs, contact your hosting company and find out what they have available for your use. If your site gets little traffic, examining the logs manually will be easy. Read more…
Tip #6
Limit Your Exposure to Areas Where You Do Business
If your website business sells widgets to a small area, limit the website traffic you will accept. If you own a restaurant in Milan and use your website to sell cannelloni to the local neighborhood, limit acceptable traffic and input to your immediate area. Read more…