Web Developer Resource Index: Security

Internet security encompasses Internet protocols and the encryption of sensitive data before and after transport over the network, as well as the programming methods and pragmatic solutions that developers can use to keep their visitors, their Web applications, and the servers those applications are hosted on safe from intrusion or downtime.

Encryption standards such as DES and RSA, designed for computer and information security, are maintained (at least here in the US) by such government bodies as the NIST, FIPS, and the NSA.

Most Web developers are at least familiar with tools such as SSH and secure Web servers such as the Apache HTTP Server Project’s mod_ssl. But I suspect developers are probably more interested in techniques to secure their Web application data.

In general, applications are vulnerable to two types of attack vectors. These can be either database inputs (e.g. SQL injection) or output to a browser (or other user-agent), which usually involves XSS in the form of embedded JavaScript code. CSRF is another exploit that is rare and more difficult to combat.

In all cases it is important never to trust data that comes from external sources such as HTTP GET, POST, FILES and COOKIE variables. Your best line of defense is to validate, filter, and sanitize user input.

Updated: Tuesday, December 30th, 2008 @ 4:36 PM EST

(c) 2008-2010, Douglas W. Clifton, loadaveragezero.com, all rights reserved.