Tuesday, May 14, 2019
Developing an interactive secure website Research Paper
The extensive growth and use of the internet over the years has led to websites and web applications facing more threats and vulnerabilities each day. This demonstrates the importance and emphasis that developers and website administrators have put on web security. Web security does not only entail securing the web application but also securing the web server and the web users as well. This article aims at explicating the various forms of threats, attacks and vulnerabilities that web applications, servers and users face. It will also raise various methods of how to prevent, minimize and deal with security loopholes that attackers exploit. The importance of ensuring the security of websites, web servers and users cannot be underestimated (Braithwaite, 2002).

Discussion

There are various vulnerabilities that web applications and websites face. These threats range from security loopholes that are created during development to those at the servers and at the user interfaces. This discussion will mostly focus on the security of website applications developed using the PHP language that are SQL database driven.

PHP functions Security

Developing website applications using PHP is relatively easy since its syntax and semantics can be grasped easily and quickly. The buck, though, doesn't stop here. It has the capability of performing diverse functions when it is working seamlessly and flawlessly with HTML. The fact that it is open source and also works well with other open source tools and languages such as the MySQL database and the Apache server makes it one of the most preferred web development languages for developers and very much targeted by hackers and malevolent web users. Many developers, especially beginners, ignore or forget the aspect of security (Shaw, 2001).
It is worth noting here that even advanced developers sometimes write code that is vulnerable to attacks. PHP can work even if there are security loopholes in the code. These loopholes are not hard to locate in PHP and are what malicious web users look for. Although PHP offers some great features that can be used to minimize security vulnerabilities, it is up to the developer to utilize them (Braithwaite, 2002). Securing PHP applications entails limiting coding errors as much as possible. Common types of PHP security loopholes are:

Error Reporting

This is a PHP tool that allows diagnosis of errors and quicker and easier fixing. It is also a security vulnerability when not properly used, such as when errors are publicly visible to users on-screen. It reveals a lot of information, such as security loopholes in the code. The display_errors setting should be turned off or be assigned a 0 value so that errors cannot be viewed on-screen by users. If display_errors is turned on or assigned the value 1, errors will be displayed on-screen to users, thus posing a security threat that hackers can exploit. You can, however, opt to report errors by enabling log_errors. This is done by turning on log_errors and specifying the location of the log using error_log.

Register_Globals

Writing PHP applications is made convenient and simpler by the use of register_globals. This, however, poses a great threat in terms of security. register_globals should therefore always be turned off. If it is turned on, users who are neither authenticated nor verified can inject variables into the application, thus gaining administrative access to the application. A good example is where a user may append the value ?admin=1 at the end of a page URL and gain access to the site's administrative areas that might require a secure password, e.g.

    if (isset($_POST['pwd']) && $_POST['pwd'] == 'wxyz') $admin = TRUE;

If register_globals is turned off, this kind of forced access cannot occur.
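
The ?admin=1 case above, as an added example that is not code from the original post. The two function names and the request arrays are hypothetical and constructed, and extract() stands in for register_globals, which PHP 5.4 and later no longer provide.

```php
<?php
// Added illustration: emulates what register_globals did on old PHP builds,
// using constructed request arrays instead of a live HTTP request.

// Hypothetical helper: the page's check, run in a scope that has already
// been seeded with request parameters the way register_globals seeded it.
function is_admin_vulnerable(array $get, array $post): bool
{
    // Assumption: extract() models register_globals turning every
    // request parameter into a variable of the same name.
    extract($get);   // ?admin=1 creates $admin before any check runs
    extract($post);

    if (isset($pwd) && $pwd == 'wxyz') {
        $admin = true;
    }
    // $admin was never initialised here, so an injected value survives.
    return !empty($admin);
}

// Hypothetical helper: hardened form. State starts from a known value and
// input is read only from the array it is expected to arrive in.
function is_admin_hardened(array $get, array $post, string $expected): bool
{
    $admin = false;                    // explicit initialisation
    $pwd = $post['pwd'] ?? null;       // $get is deliberately ignored
    if (is_string($pwd) && hash_equals($expected, $pwd)) {
        $admin = true;
    }
    return $admin;
}

// Constructed request: no password, only an injected query parameter.
$forgedGet  = ['admin' => '1'];
$forgedPost = [];
// Constructed request carrying the password from the page's example.
$validPost  = ['pwd' => 'wxyz'];

var_dump(is_admin_vulnerable($forgedGet, $forgedPost));
var_dump(is_admin_hardened($forgedGet, $forgedPost, 'wxyz'));
var_dump(is_admin_hardened([], $validPost, 'wxyz'));
```
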
Therefore, it is advisable to consider using predefined PHP variables such as $_POST, $_ENV, $_COOKIE, $_SERVER or $_GET to ensure tight security.

Cross-Site Scripting (XSS)

Hackers use this method to collect website