Ensuring code safety

The article "Ensuring a website safety" is provided by Sophos Plc and SophosLabs.

December 2007.

Developing secure code is not always as easy as it seems. It requires not only experienced programmers but also knowledge of specific security problems [12]. There are many books about secure code development; here we present only the basics [13].

  • Always disable global variables, since an attacker can initialize them with a forged GET or POST request.

  • Do not display error messages to users; write the error details to a log file instead. Displayed error information lets attackers reproduce the problem and use it to find other vulnerabilities.

  • Never treat data supplied by users as safe. Filter it to remove special SQL characters and escape sequences.
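The three points above can be shown in one small handler. The following is an added example, not code from the Sophos article; it uses Python with an in-memory SQLite database rather than the PHP setting the article has in mind, and the table, the rows, the parameter name `name` and the `handle_request`, `lookup_vulnerable` and `lookup_safe` functions are all constructed for illustration. It contrasts a query built by string concatenation with a parameterized one, reads only the explicitly named request parameter instead of importing request keys into the program's namespace, and logs error details while returning a generic message to the client.

```python
import io
import logging
import sqlite3


def make_db():
    """Constructed in-memory SQLite database with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.com", 1), ("bob", "bob@example.com", 0)],
    )
    return conn


# Error log kept in a memory buffer so the example runs offline; a real
# deployment would point the handler at a log file the web server cannot serve.
LOG_BUFFER = io.StringIO()
logger = logging.getLogger("secure_code_example")
logger.setLevel(logging.ERROR)
logger.addHandler(logging.StreamHandler(LOG_BUFFER))


def error_log_contents():
    """Return everything logged so far (used to verify nothing leaks to the client)."""
    return LOG_BUFFER.getvalue()


def lookup_vulnerable(conn, name):
    """Vulnerable: user data is pasted into the SQL text, so special characters
    in `name` change the meaning of the query."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened: a parameterized query keeps user data separate from SQL code,
    so special characters are treated as data, not as part of the statement."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def handle_request(conn, request_params):
    """Request handler following the three rules in the article.

    - Only the named parameter is read from the request; request keys are never
      turned into program variables (the "global variables" problem).
    - Input is validated and passed through a parameterized query.
    - Database errors are written to the log; the client gets a generic message.
    """
    name = request_params.get("name", "")
    if not name or len(name) > 64:
        return {"status": 400, "message": "Bad request"}
    try:
        rows = lookup_safe(conn, name)
    except sqlite3.Error as exc:
        logger.error("lookup failed for name=%r: %s", name, exc)
        return {"status": 500, "message": "Internal error"}
    return {"status": 200, "rows": rows}


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # constructed input containing special SQL characters
    print("concatenated query returns:", lookup_vulnerable(db, payload))
    print("parameterized query returns:", lookup_safe(db, payload))
    print(handle_request(db, {"name": "bob"}))
```

With the constructed payload, `lookup_vulnerable` returns every row because the quote character terminates the string literal, while `lookup_safe` returns nothing because the whole payload is compared as a plain value. Closing the connection and calling `handle_request` again shows the error path: the client receives only `Internal error`, and the details land in the log.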