now browsing by category


Securing your data and password online


Quite often I get into conversations with people about the security of their personal data when they put it online. This often stems from the fact that I do not use my real name in my facebook account. ‘Why?’ they ask and the conversation starts. The answer for me is obvious but many people are oblivious to the dangers of throwing their data around the internet.

Have you ever Googled your own name?

Try it and see what comes up. I search names all the time. Web spiders crawl the internet consistently and the data they can extract is incredible. Some people may not mind Google knowing everything about them, but personally is rubs me the wrong way as I have never given them permission to collect my data.

Read the rest of this page »

Securing forms and URL data submissions.


Please see my article Vulnerabilities in forms and URL Parameters for more info on the vulnerabilities.

There are a few ways the data transmissions from forms and URL parameters can be made more secure. Some of these practices can be used, or all, for extra security. Below I’ve listed a few important guidelines and other tips that can be used to secure forms.

Golden Rule #1
Never rely on Javascript for error checking or to validate the content submitted. This is a poor mistake to make. Javascript is easily hackable because it is client-side script. This means that the processing of the code is carried out on the clients machine, the server-side script has no control over it. So a user can edit this code and change the way it processes data. This leads onto the next rule!

Read the rest of this page »

Vulnerabilities in forms and URL parameter data


One of the most commonly overlooked areas in web design is the transfer of information via forms and URL parameters. I see it quite often and this can open a website to dangerous vulnerabilities. There are many practices that should be carried out to keep a website secure but this focus purely on the passing of data between pages via form and URL parameters. This article assumes you have some amount of knowledge on HTML and server side scripting.

So what is the problem?

The problem is that the content of forms and parameters can easily be changed. It is one of the easiest ways to hack a website. Anyone can view the code and edit an input value without too much fuss. A URL parameter can be edited right within the URL address bar. Both of these situations can be done by anyone viewing your website without any special software or extensive experience.

Read the rest of this page »