Website Security Without Breaking the Bank?

Website Security Without Breaking the Bank? 195

Posted by kdawson on Tuesday February 10, 2009 @02:28AM from the man-who-is-his-own-lawyer dept.

An anonymous reader writes "I do my own Web design and have a few websites — MySQL, PHP, CSS, HTML, that kind of thing. It's simple, amateur stuff, but I would love to have some reasonable ways to assess their security myself and patch the big holes, or possibly enlist someone to do 'white hat' work to assist me. I have absolutely no idea how to proceed. I don't want to get mired in a never-ending paranoia-fueled race to patch holes before the hackers find them, but on the other hand, I don't want my websites to look like Swiss cheese. Right now, I wouldn't know what kind of cheese they look like: Swiss, Havarti, or hard as Parmesan. How can I take reasonable steps to protect these websites myself? What books has the community found useful? What groups (if any) can offer me inexpensive white-hat hacking that won't end up costing me a first-born child? Or am I better off just waiting until a problem arises and then fixing it?"

Website Security Without Breaking the Bank?

This discussion has been archived. No new comments can be posted.

Search 195 Comments Log In/Create an Account

Comments Filter:

Hi Slashdot (Score:-1, Funny)

by Fanboy Fantasies ( 917592 ) writes: on Tuesday February 10, 2009 @02:32AM (#26794209) Homepage

3rd reply to this post tellsw me whag I should do tomorrow. As always, pictures will be posted.

Well, for starters... (Score:5, Funny)

by Xenna ( 37238 ) writes: on Tuesday February 10, 2009 @02:32AM (#26794213)

What's the URL? ;)

Re:Well, for starters... (Score:3, Funny)

by iammani ( 1392285 ) writes: on Tuesday February 10, 2009 @02:35AM (#26794233)

slashdot.org :)

Re:Hi Slashdot (Score:5, Funny)

by Tubal-Cain ( 1289912 ) * writes: on Tuesday February 10, 2009 @02:35AM (#26794235) Journal

Buy a pony.

Re:if you wait until it happens... (Score:4, Funny)

by arogier ( 1250960 ) * writes: on Tuesday February 10, 2009 @02:44AM (#26794279) Homepage Journal

Better to shoot for Colby Jack for the time being. A nice blend of cheeses that get along well enough to accomplish the sites purpose and conspicuously lacking in holes. A parmesan site will generally have issues of its own related to its crumbling interfering with functionality.

Attack with all your might .. (Score:5, Funny)

by cheros ( 223479 ) writes: on Tuesday February 10, 2009 @02:47AM (#26794295)

http://127.0.0.1/ [127.0.0.1]
Enjoy.

Re:Attack with all your might .. (Score:5, Funny)

by sumdumass ( 711423 ) writes: on Tuesday February 10, 2009 @03:13AM (#26794429) Journal

Wow, I didn't know so much porn could be so free.
Some of the models look a little young though, are you sure they are all legal at that site?
Anyways, thanks for the tip.

Re:Attack with all your might .. (Score:2, Funny)

by Opportunist ( 166417 ) writes: on Tuesday February 10, 2009 @03:23AM (#26794465)

Bah. I already have all that, and I think I might have a bit more even.
I can't believe there's anyone out there as much into... erh... what was that IP again?

Ask the experts (Score:2, Funny)

by Anonymous Coward writes: on Tuesday February 10, 2009 @03:38AM (#26794529)

Kaspersky [kaspersky.com]

Re:Better tools, good process, learning from other (Score:3, Funny)

by arogier ( 1250960 ) * writes: on Tuesday February 10, 2009 @04:17AM (#26794665) Homepage Journal

You can write insecure websites using pretty much any tools, but if you're using MySQL and PHP, especially if you're using other peoples code in your app, you're probably going to end up with a security nightmare, regardless of how hard you try.
Taken to the extreme you could prepare you own active page servlet using FORTRAN and obfuscate the binaries, randomize query url generation, and run everything on your server through a microkernel operating system where you change all of the system calls and commands to things only you know.
Then operate your website entirely anonymously with tenneling through tor between your actual webserver and the server putting up your domain.

simple, effective starting point (Score:5, Funny)

by dltaylor ( 7510 ) writes: on Tuesday February 10, 2009 @04:44AM (#26794753)

http://xkcd.com/327/ [xkcd.com]

WITHOUT breaking the bank? (Score:3, Funny)

by jez9999 ( 618189 ) writes: on Tuesday February 10, 2009 @05:02AM (#26794843) Homepage Journal

The banks are already broken. Too late.

Re:Hi Slashdot (Score:4, Funny)

by L4t3r4lu5 ( 1216702 ) writes: on Tuesday February 10, 2009 @05:22AM (#26794929)

Buy everyone on /. a pony
I could do with the extra protein.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Website Security Without Breaking the Bank? 195

Website Security Without Breaking the Bank? More Login

Website Security Without Breaking the Bank?

Hi Slashdot (Score:-1, Funny)

Well, for starters... (Score:5, Funny)

Re:Well, for starters... (Score:3, Funny)

Re:Hi Slashdot (Score:5, Funny)

Re:if you wait until it happens... (Score:4, Funny)

Attack with all your might .. (Score:5, Funny)

Re:Attack with all your might .. (Score:5, Funny)

Re:Attack with all your might .. (Score:2, Funny)

Ask the experts (Score:2, Funny)

Re:Better tools, good process, learning from other (Score:3, Funny)

simple, effective starting point (Score:5, Funny)

WITHOUT breaking the bank? (Score:3, Funny)

Re:Hi Slashdot (Score:4, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot