Home > Industries > Software

Design and detection of Software Website Security and Solutions

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Design and detection of Software Website Security and Solutions

Security Testing mainly involves the following aspects:

1. SQL injection (SQL injection)

See the article "preventing SQL Injection solutions ".

2. Cross-Site scritping (XSS): (Cross-Site Scripting)

See "XSS cross-site scripting solution"

3. csrf: (cross-site forgery request)
4. email header injection (mail header injection)
5. Directory Traversal (directory traversal)
6. Exposed error messages (error message)

7. Search for the Management Portal;

8. Authentication Bypass

A. When you view sensitive data, you only need to determine the permissions.

B. When submitting changes to sensitive data, you must also confirm the permission. It is your own

C. You must set the one-time use and validity period when activating the service. The connection string is encrypted with 3DES, and no plaintext string is allowed.

D. Enter the original password for verification when changing the password.

9. File Upload Vulnerability

10. program architecture security

A. Use the CS architecture whenever possible

B. The website's front-end cannot be in the web form, but the backend management can be made into CS.

C. Use. NET and Java in programming languages

11. Security of configuration files

Most of the time, our database passwords are stored in the configuration file, which is in plaintext. It is easy to use. The solution is to use ciphertext storage and 3DES encryption ...... The key is directly written in the Code and cannot be placed in plain text files ......

12. Have you used HTTPS?

13. Cookie Security

See "" improve cookie security-related solutions "", mainly using 3DES encryption cookie = 3DES ("value, time, IP stamp ");

14. Questions about price modification of E-commerce forms

Use the MD5 Signature for verification.

14. Session Security

The permission cannot be determined by null session. A clear value must be set.

15. Verify the server

You cannot rely only on the client for verification.

 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
drawing and design software graphics and design software architecture and design software sampling design and analysis 2nd edition solutions antivirus and security software scada system security threats vulnerabilities and solutions black and white website design
Related Article
Mutual Shield Data Recovery software How to recover completel...
Hadoop open source software and ecosystem
How to Use the partition software partitionmagic (images) and...
Video Format MPEG4 software and Production
Get the real address for Software Download! Obtain the URL of...
Differences between common developers and software engineers

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More