Although most entrepreneurs are more interested in running their businesses than digging into the minutiae of web architecture, website security is serious: Research by Imperva in 2012 found that most web applications receive four or more web attack campaigns each month, with some facing constant attack.
The good news is that securing your site isn’t a complex process, provided you go about it correctly.
SSL is the first step
Secure Sockets Layer (SSL) is a type of website protection that encrypts data transmitted to and from your page. Whenever you see that small padlock icon in the address bar, you know the site you’re visiting is using an SSL connection. This is also a style of security protocol used to make your page HTTPS certified, which has the added benefit of increased security and boosting your SEO page rank.
Shield your headers
Response headers, when left in their default configurations, broadcast a wealth of information to the net that can be exploited by hackers aware of vulnerabilities. This digital footprint can include anything from the type of web server you’re running to the Model View Controller framework on which your site is built. Don’t expose yourself as a target – obscure response headers to protect your site.
The cookies transmitted between systems is a common area of web vulnerability.
Your first move for controlling cookies involves enabling the HttpOnly response flag in a Set-Cookie HTTP response header to stop client-side scripting protocols from taking advantage of the cookies you leave behind. You can also use Secure Cookies (after enabling SSL encryption) to decrease the odds your cookies will get intercepted.
Protect against SQL injection
Structured Query Language (SQL) injections involve attackers insert malicious code into data-driven applications, aiming to compromise your database.
To combat this, ensure each data input mechanism on-site is validated – meaning only correct types of data can be collected by the database. You should also run stored procedures instead of open queries, as stored procedures are more selective in which types of data are accepted when performing database functions.
Small Business Security
These tips are just a starting point for locking down your website. Small business security relies on a multitude of factors, so don’t be afraid to reach out to a qualified web security company to help walk you through the details.
Questions about keeping your website secure? Reach out to MyMobileLyfe today!