Tuesday, 6 September 2016

How to add Security in Website?

How to add Security in Website?

Server Signature invisible

Whatever technology you are using PHP, .Net, ASP etc you should not let to know other.

Hide the Server Signature.
Open php.ini file. 
expose_php = on
to 
expose_php = off

Add Following code in .htaccess
ServerSignature Off



XSS Protection header Enabled

Cross-site scripting (XSS) is a type of computer security vulnerability found in web applications. XSS enables attackers to inject client-side script into webpages.
We can add Protection layer to XSS attack by adding this on header.

Add Following code in .htaccess 
Header set X-XSS-Protection "1; mode=block"


Content Security Policy (CSP)

It is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting and data injection attacks.
This header is designed to specify how content interacts with your website.
Add Following code in .htaccess
Header set X-Content-Security-Policy "allow 'self';"



X-Content-Type-Options

 This header prevents "mime" based attacks. Add Following code in .htaccess
Header set X-Content-Type-Options "nosniff"



Protection From libwww-perl

LWP is a Perl modules that give Perl programming easy access to sending requests to the website. We can protect our website from this

Add Following code in .htaccess
RewriteCond %{HTTP_USER_AGENT} libwww-perl.* 
RewriteRule .* ? [F,L]



Always Use Https over http

An extra security layer because of SSL (Encryption, Data Integrity, Authentication )


X-Frame-Options

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame or iframe. Add Following code in .htaccess
Header set X-Frame-Options SAMEORIGIN

Best Related Posts are Following:

  1. How to hide web server information from the headers?.
  2. How to enable the XSS Protection header?.
  3. AES Encryption and Decryption in PHP See example.
  4. XMLRPC Wordpress Attack.
  5. How can I read request-headers in PHP.
  6. How can I prevent SQL-injection in PHP?.
  7. Shared Server Security Risk open_basedir disable_functions disable_classes.
  8. What is Best method for sanitizing user input with PHP?.
  9. Difference between Notice and warning and fatal error.
  10. How can I prevent SQL-injection in PHP [SOLVED].
  11. PHP Register Globals.
  12. PHP Sessions and Cookie and Security.
  13. PHP Check Mime Type of File - Return Information About A File.
  14. Improve Ajax Performance.
  15. PHP Captcha Code Example Code Snippets.
  16. PHP - Secure Ajax Call from Hackers - Example.
  17. htaccess code snippets example.
  18. Manage Cron Job with PHP - SSH2 Connection.
  19. Spoofed Forms - Stop Spoofed Form Submissions.
  20. Session Fixation.
  21. Session Hijacking.
  22. openssl private encrypt.
  23. Cross Site Request Forgery.
  24. SQL Injection Attack - PHP & MySQL.
  25. Cross-Site Scripting - cross site scripting examples.
  26. PHP INI settings.

Labels: