
WDD – LO1 – Manage Secure Sites

There are several ways to manage a secured site. Describe how each of the following is
implemented.

• Keeping Software Up to Date.

To keep software up to date, use Windows Update. To make sure your device is up to date,
go to Settings, click Update & Security, then click Windows Update. To search for available
updates, select Check for Updates.

• Block SQL Injection.

To block SQL injection, do not share common database access between different websites
or applications. All user-supplied input, not just the fields where users type text, must be
validated against the expected data types, including drop-down menus and radio
buttons. Furthermore, correct error reporting and handling must be set on the web server
and in the code so that database error messages are never transmitted to the client web
browser. Specific details in verbose error reports might be used by hackers to refine
their queries until they work.
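
The checks described above, as an added example in Python (not part of the original document): every field, including drop-down and radio values, is validated on the server against its expected type, and a database error is logged on the server while the browser receives only a generic message. The table, field names and sample rows are constructed, and the bound query parameters go beyond what the text describes.

```python
import logging
import sqlite3

log = logging.getLogger("shop")

# Constructed sample data: the only values the drop-down and radio group offer.
ALLOWED_CATEGORIES = {"books", "music", "games"}
ALLOWED_SORT = {"asc": "ASC", "desc": "DESC"}
GENERIC_ERROR = "Sorry, the request could not be processed."


def make_db():
    """Build a small in-memory database with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, category TEXT, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, "books", "Atlas"), (2, "books", "Zebra"), (3, "music", "Opus")])
    return db


def validate(form):
    """Check every submitted field, including ones the page renders as fixed choices."""
    category = form.get("category", "")
    sort = form.get("sort", "")
    max_id = form.get("max_id", "")
    if category not in ALLOWED_CATEGORIES:      # drop-down value
        raise ValueError("category")
    if sort not in ALLOWED_SORT:                # radio button value
        raise ValueError("sort")
    if not (max_id.isascii() and max_id.isdigit() and len(max_id) <= 6):
        raise ValueError("max_id")              # free-text numeric field
    return category, ALLOWED_SORT[sort], int(max_id)


def handle(db, form):
    """Return (status, body); database details go to the server log only."""
    try:
        category, direction, max_id = validate(form)
    except ValueError as exc:
        return 400, f"Invalid value for field: {exc}"
    try:
        rows = db.execute(
            "SELECT name FROM products WHERE category = ? AND id <= ? "
            f"ORDER BY name {direction}",       # direction comes from the allowlist map
            (category, max_id)).fetchall()
    except sqlite3.Error:
        log.exception("query failed")           # full detail stays server-side
        return 500, GENERIC_ERROR
    return 200, [name for (name,) in rows]
```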

• Prevent XSS.

To prevent XSS attacks, the application must validate all input data, ensure that only
allowlisted data is accepted, and ensure that all variable output in a page is encoded before
it is sent to the user. Encoding variable output simply means replacing HTML syntax with
entities, which are alternate representations of the same characters. When the page is
loaded, the browser converts the entities back to the characters they represent and displays
them as text, so they are not executed.

• Providing Minimal Error Messages.

The error message must be clear, precise, brief, and to the point. Users should be able to
understand what mistakes they have made and how to fix them right away. This is
important and will have a major impact if users fail to understand their error right away.

• Server Side Validation/Form Validation.

Validation is required as a security measure. It is essential to prevent malicious users from
misusing online forms. For security reasons, validation must be performed on the server
side. This shows the importance of server-side validation in terms of safety. One of the most
common sources of security breaches is inadequate form input validation. It makes your
website vulnerable to malicious attacks such as header injection, cross-site scripting, and SQL
injection.

• Passwords.

For the website to be secure, especially after its contents have been edited,
users must set a password. The most common way is to create a strong password and make
it longer, which makes it difficult for an intruder to access or modify the
website.

• Denying File Uploads.

On your local system, do not use the user-supplied file name as the file name. Create your
own unique file name instead. The web server will own any file that users upload. However, it
only requires read/write access, not execute access. To prevent the server from identifying
files, it can sometimes be effective to remove the execute permission from directories.

• HTTPS

When you implement HTTPS on the site, you need to host it with a dedicated IP address.
Once you have the IP address, purchase and request the SSL certificate to redeem
the certificate. Then install the certificate on the server. Allow a few minutes for the website to
update, then confirm that you can access the https:// version of the website.

• Website Security Tools.

Following website security best practices, such as having a website firewall; using the
most recent version of the website CMS, plugins, themes, and third-party services;
implementing strong password requirements; and only granting the level of access that
someone needs to complete their tasks, can help you secure your website.
