Have You Got A Checklist To Ensure That Your Web Forms Are Secured?

One thing we find out once the network at work or our personal computer is attacked is that hindsight is 20/20.

Once we go through the steps of how the attack could possibly have happened, we come to realize that it was a mistake of our own creation.

Something that we did that could have easily been avoided.

This is one thing that is good about human nature.

We are built not only to avoid repeating a mistake once we have made it the first time, but to really learn from it as well.

If you are building an application that will receive input from strangers online, you should learn from the mistakes of others and try not to make the same ones.

You will likely make your own mistakes but they will be entirely new ones.

As you become more experienced as a programmer, you soon start to realize what every other programmer has learned.

Trust No-One

The users of your application are not to be trusted.

A single solitary user can be trusted but not the masses that you expect to use your application.

Someone that is in that group will try to find a way to exploit your application and make it do things that it is not supposed to do.

An exposed application can let a hacker do something relatively minor, such as deface the front page of your website.

It can also let the attacker do major damage to your web page and even the system that is running it.

They can gain root control of your system and use it to do whatever they want.

All because you had a little form on your web page that you neglected to clean up.

There are certain things that you can do to keep this from happening.

This means that you have to sanitize your input.

Every piece of data that is trying to enter your system from an outside source must be vetted and swept clean before it is allowed to enter.

Checking With Scripts

You can do a first pass on the client side with JavaScript.

The first step is to write a script that requires the incoming data to meet certain criteria.

You cannot rely on JavaScript alone.

It is a client-side language, and the user can change it through the browser.

After the data has been checked with JavaScript, you should check it again with a server-side script.

This means using a server-side language or framework such as PHP, ASP.NET, or Django to check your data.

A server-side script cannot be modified by the user.

You also want to make sure that your forms sanitize any SQL commands that could be placed in them.

You do not want to fall victim to an SQL injection attack.

If you want to keep your server secure, make sure that you are properly sanitizing the data that comes into your system.
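To make the client-side/server-side distinction and the SQL point concrete, here is an added Python example; it is not code from the original post. It assumes a small signup form with `username` and `email` fields and an in-memory SQLite table, both constructed here, and the regular expressions, field names and sample rows are my own choices. The server-side check rejects anything that does not match its rules no matter what the browser's JavaScript did, and the two lookup functions put a query built by string pasting beside a parameterised one so the difference shows on the same input.

```python
import re
import sqlite3

# Constructed validation rules (assumed for this example, not from the post).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def validate_signup(form):
    """Server-side validation of a signup form.

    `form` is whatever arrived in the request body. Any JavaScript check in
    the browser may have been edited or skipped entirely, so every field is
    re-checked here. Returns (cleaned_values, errors).
    """
    cleaned, errors = {}, {}
    username = str(form.get("username", "")).strip()
    email = str(form.get("email", "")).strip()

    if USERNAME_RE.fullmatch(username):
        cleaned["username"] = username
    else:
        errors["username"] = "3-20 letters, digits or underscores"

    if len(email) <= 254 and EMAIL_RE.fullmatch(email):
        cleaned["email"] = email.lower()
    else:
        errors["email"] = "not a valid address"

    return cleaned, errors


def make_db():
    """Constructed in-memory table with two sample users (hypothetical data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.com", 1), ("bob", "bob@example.com", 0)],
    )
    return conn


def find_user_vulnerable(conn, username):
    """The mistake the post warns about: form input pasted into the SQL text.

    A value containing a quote changes the shape of the statement, so the
    WHERE clause no longer means what the programmer wrote.
    """
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    """Parameterised query: the value is bound separately and is never parsed
    as SQL, whatever characters it contains."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    conn = make_db()
    hostile = "' OR 1=1 --"   # the classic textbook injection string
    print("validate:", validate_signup({"username": hostile, "email": "x"}))
    print("vulnerable lookup:", find_user_vulnerable(conn, hostile))
    print("safe lookup:", find_user_safe(conn, hostile))
```

Run it directly to see both lookups side by side: the pasted version returns every user for the hostile string, the parameterised one returns nothing. Hand-written "sanitizing" of SQL characters is fragile; binding the value as a parameter is the standard way to make sure the database never treats form input as part of the statement, and the server-side field check on top of it is what keeps junk out of the table in the first place.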

If you have faith in the user, you will always end up on the losing end of that agreement.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
