Slashdot Mirror

← Back to Stories (view on slashdot.org)

Website Security Without Breaking the Bank?

Posted by kdawson on from the man-who-is-his-own-lawyer dept.

An anonymous reader writes "I do my own Web design and have a few websites — MySQL, PHP, CSS, HTML, that kind of thing. It's simple, amateur stuff, but I would love to have some reasonable ways to assess their security myself and patch the big holes, or possibly enlist someone to do 'white hat' work to assist me. I have absolutely no idea how to proceed. I don't want to get mired in a never-ending paranoia-fueled race to patch holes before the hackers find them, but on the other hand, I don't want my websites to look like Swiss cheese. Right now, I wouldn't know what kind of cheese they look like: Swiss, Havarti, or hard as Parmesan. How can I take reasonable steps to protect these websites myself? What books has the community found useful? What groups (if any) can offer me inexpensive white-hat hacking that won't end up costing me a first-born child? Or am I better off just waiting until a problem arises and then fixing it?"

12 of 195 comments (clear)

  1. Well, for starters... by Xenna · · Score: 5, Funny

    What's the URL? ;)

    1. Re:Well, for starters... by iammani · · Score: 2, Funny

      slashdot.org :)

  2. Re:Hi Slashdot by Tubal-Cain · · Score: 4, Funny

    Buy a pony.

  3. Re:if you wait until it happens... by arogier · · Score: 4, Funny

    Better to shoot for Colby Jack for the time being. A nice blend of cheeses that get along well enough to accomplish the sites purpose and conspicuously lacking in holes. A parmesan site will generally have issues of its own related to its crumbling interfering with functionality.

    --
    http://www.aaronrogier.net
  4. Attack with all your might .. by cheros · · Score: 5, Funny

    http://127.0.0.1/

    Enjoy.

    --
    Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
    1. Re:Attack with all your might .. by sumdumass · · Score: 5, Funny

      Wow, I didn't know so much porn could be so free.

      Some of the models look a little young though, are you sure they are all legal at that site?

      Anyways, thanks for the tip.

    2. Re:Attack with all your might .. by Opportunist · · Score: 1, Funny

      Bah. I already have all that, and I think I might have a bit more even.

      I can't believe there's anyone out there as much into... erh... what was that IP again?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Ask the experts by Anonymous Coward · · Score: 2, Funny

    Kaspersky

  6. Re:Better tools, good process, learning from other by arogier · · Score: 3, Funny

    You can write insecure websites using pretty much any tools, but if you're using MySQL and PHP, especially if you're using other peoples code in your app, you're probably going to end up with a security nightmare, regardless of how hard you try.

    Taken to the extreme you could prepare you own active page servlet using FORTRAN and obfuscate the binaries, randomize query url generation, and run everything on your server through a microkernel operating system where you change all of the system calls and commands to things only you know.

    Then operate your website entirely anonymously with tenneling through tor between your actual webserver and the server putting up your domain.

    --
    http://www.aaronrogier.net
  7. simple, effective starting point by dltaylor · · Score: 4, Funny

    http://xkcd.com/327/

  8. WITHOUT breaking the bank? by jez9999 · · Score: 2, Funny

    The banks are already broken. Too late.

    --
    == Jez ==
    Do you miss Firefox? Try Pale Moon.
  9. Re:Hi Slashdot by L4t3r4lu5 · · Score: 3, Funny

    Buy everyone on /. a pony

    I could do with the extra protein.

    --
    Finally had enough. Come see us over at https://soylentnews.org/