How to protect your CodeIgniter site against attacks
#1

[eluser]ortenheim[/eluser]
Hi, I am looking for advice regarding protection and testing against attacks on your CodeIgniter website.

Quote: I have found some advice myself by searching around, and I hope the more experienced developers have more suggestions and can fill in the blanks. Please help out if you can so we can make safer and better websites.

First some common attacks against websites:

1. Server side:
port scanning (1.1)

2. Websites:
Cross-site scripting, (2.1)
Injection attacks, (2.2)
Cross-site request forgery, (2.3)
Broken authentication and session management, (2.4)
Insecure cryptographic storage, (2.5)
Insecure Communications, (2.6)
Information leakage (2.7)

How to test:
1.1 port scanning software (Firefox has add-ons, but they cannot scan low-numbered ports?)
2.1 XSS Me for Firefox
2.2 Inject Me for Firefox
2.3 XSS Me?
2.4 Access Me
2.5 ?
2.6 ?
2.7 ?

How to fix in PHP (and preferably CodeIgniter):

1.1 close your ports? (except for 80 and 465?)
2.1
Code:
$config['global_xss_filtering'] = TRUE;
(is this enough?)
2.2 use Active Record (escaping queries) (anything else?)
2.3 ?
2.4 ?
2.5 ?
2.6 ?
2.7 ?

please help out if you can

thx
#2

[eluser]InsiteFX[/eluser]
All of the above!

NEVER NEVER NEVER trust user input...

InsiteFX
#3

[eluser]n0xie[/eluser]
Sanitise Input, Escape Output.
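
An added example, not written by any poster in this thread: plain PHP (no CodeIgniter) showing items 2.1 and 2.2 from the first post handled the "sanitise input, escape output" way, with input validation, a bound query parameter and escaping at the point of output. It assumes the pdo_sqlite extension; the table, rows, request values and function names are constructed for illustration.

```php
<?php
// Added example, plain PHP (no framework). Table, rows and inputs are constructed.

// Sanitise input: accept only the shape you expect, reject everything else.
function clean_username($raw)
{
    $name = trim((string) $raw);
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $name) ? $name : null;
}

// 2.2 Injection: the value travels as a bound parameter, never as SQL text.
function find_comments(PDO $db, $author)
{
    $stmt = $db->prepare('SELECT author, body FROM comments WHERE author = ?');
    $stmt->execute(array($author));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 2.1 XSS: escape when writing into HTML, whatever filtering ran on the way in.
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (author TEXT, body TEXT)');
$ins = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
$ins->execute(array('alice', 'Nice post <b>really</b>'));
$ins->execute(array('bob', 'x" onmouseover="alert(1)'));

// Constructed request values, standing in for $_GET['author'].
$requests = array('alice', 'bob', "alice' OR '1'='1");

foreach ($requests as $raw) {
    $author = clean_username($raw);
    if ($author === null) {
        // Even the rejection message echoes user data, so it is escaped.
        echo 'rejected: ' . e($raw) . "\n";
        continue;
    }
    foreach (find_comments($db, $author) as $row) {
        // Both columns are escaped: stored data is untrusted too.
        echo '<p title="' . e($row['body']) . '">' . e($row['author']) . "</p>\n";
    }
}
```

The stored comment from `bob` passes through the database untouched and is only made harmless by `e()` when it is written into the `title` attribute, which is why escaping belongs at output rather than only at input.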



