Elements for building secure site

0 投票
最新提问 用户: (160 分)

If i was to build a "Hacker proof" site what would be my weapons of choice? I guess wordpress is out of the question. ;)

I am fully aware that it is no such thing as hacker proof but lets say i wanted to delay for as long as possible.

Maybe you can give me some pointers on how to proceed with that and some do麓s and dont麓s.

Thank you.

发表于 用户: (100 分)
also depends what you need to protect, what people can do on the site. more details would be needed.


0 投票
最新回答 用户: (220 分)

The question is very broad, but some essentials:

  • Prevent SQL Injection by using prepared statements.
  • Validate input / Output to prevent XSS
  • CSRF protection for form data
  • HTTPS for secure login pages
  • Secure permissions for web processes / folders on your server
  • Up to date software on server
  • Backups to remote server
  • Fail2Ban to prevent brute forcing
  • Montior access / error logs from apache/nginx
  • Monit for resource montioring
  • Encrypt passwords using a secure hashing algorithm that can't be brute forced
  • Two Factor authentication

Those are the ones off the top of my head.

发表于 用户: (160 分)
That´s what i really would like to use. I have looked at secure CMS´s and the cost for it is astronomic.
欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。