Tuesday, 6 September 2016

How to add Security in Website?

How to add Security in Website?

Server Signature invisible

Whatever technology you are using PHP, .Net, ASP etc you should not let to know other.

Hide the Server Signature.
Open php.ini file.
expose_php = on
expose_php = off

Add Following code in .htaccess
ServerSignature Off

XSS Protection header Enabled

Cross-site scripting (XSS) is a type of computer security vulnerability found in web applications. XSS enables attackers to inject client-side script into webpages.
We can add Protection layer to XSS attack by adding this on header.

Add Following code in .htaccess
Header set X-XSS-Protection "1; mode=block"

Protection From libwww-perl

LWP is a Perl modules that give Perl programming easy access to sending requests to the website. We can protect our website from this

Add Following code in .htaccess
RewriteCond %{HTTP_USER_AGENT} libwww-perl.* 
RewriteRule .* ? [F,L]

Always Use Https over http

An extra security layer because of SSL (Encryption, Data Integrity, Authentication )

No comments :

Post a Comment