Webmasters Stack Exchange
Webmasters Stack Exchange

Questions tagged [security]

Preventing a system from unauthorized access, modification, disruption, or destruction.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

Resources

585 questions
35
votes
9 answers

Tools to check for common vulnerabilities?

Are there any good tools (desktop or online) which allow you to check whether your website has common vulnerabilities (e.g. SQL Injection, XSS)?
jessegavin
  • 2,158
  • 1
  • 25
  • 27
8
votes
3 answers

Is website security accreditation worth having?

My site handles sensitive data, is there any website security accreditation that is well respected and worth having?
dangerousdave
  • 133
  • 4
7
votes
3 answers

Found Odd File on Site: Should I Be Concerned?

I found a php file that was uploaded to our web server that had sneaked past our form validation. I did some searching and there was very little information regarding this file, however the small amount I found definitely made it seem malicious.…
Vecta
  • 369
  • 1
  • 5
6
votes
3 answers

Why don't we see websites hashing passwords before sending them?

(Note about the question title: by "we" I mean myself) Everytime I log on to any website, I have this thought that website asking me for my password and sending it back to the server is just basic security engineering. Why do all the websites send…
d33tah
  • 171
  • 1
  • 5
6
votes
2 answers

Hiring security auditors...what should I know?

I want to hire someone to do a security audit of my website but I'm not sure how to go about it. Where are good places to look for an auditor? Besides a list of referrals, what should I be looking for in an auditor? What qualifications should…
J.T. Grimes
  • 190
  • 6
4
votes
2 answers

How to help WikiLeaks remain up and running?

WikiLeaks is under a lot of attack. It has been ousted from DNS servers, Amazon has kicked it out. It is facing massive DDOS attacks. Under these circumstances what can WikiLeaks do to remain afloat?
Anonymous
4
votes
4 answers

PCI DSS compliance for a VPS using Centos

I have a VPS with linode, great hosting by the way. I am confident with centos apache ect but I know nothing about PCI DSS compliance, I usually let SagePay or PayPal deal with it. But I have a client that is interested in not having customers go…
user754703
4
votes
3 answers

How Do You Store Website Backups?

I'm not that great about backing up my site, which is something I want to improve on. Currently, I save backups of my site on my local computer and on an external thumb drive. I was thinking of purchasing some online storage so I could store my…
sooprise
  • 101
  • 2
3
votes
2 answers

Is there a way of listing files for a directory if it contains index.html?

On my server (over which I have little control), directories are listed by default, so for mysite.com/images I get: Index of /images Parent Directory BirdsAreHere.png CanYouSpot-AdBlank.jpg etc. Is putting an index.html in that directory…
fredley
  • 193
  • 1
  • 7
3
votes
3 answers

Keeping your text entry fields secure

I've noticed over the past few days someone has been entering text like the following into my comment fields : lorcet unendurable imperfections
Mongus Pong
  • 258
  • 2
  • 6
3
votes
2 answers

What does this code mean that was placed in my hacked Web site?

My website was hacked, with the following code added to the end of the page: (The id had an 8 digit number in place of the ########) The link didn't work. Also,…
Ari
  • 161
  • 9
3
votes
1 answer

How do I get my website unblocked in Pakistan?

TL;DR: My website is blocked in Pakistan, how do I get it unblocked? I've had reports that my website QuranX.com is inaccessible from Pakistan. I've had a number of people confirm this. It seems that Pakistan has blocked my website on blasphemy…
QuranX Administrator
  • 133
  • 4
2
votes
1 answer

Cannot get Content-Security-Policy to work

I'm trying to implement CSP, but cannot make the script-src work correctly. I strongly want to avoid unsafe-inline, but all attempts to circumvent this by using sha256 hashes seem to fail. This is what happens: Several tags on the page are being…
Hagen von Eitzen
  • 444
  • 2
  • 10
2
votes
1 answer

Web Directories Monitor Script

I have some troubles with injections on my shared hosting account where I run a lot of sites with a lot of different technologies: wordpress, drupal, joomla, osticket etc... I installed wordpress file monitor for wordpress and that seems to report…
edelwater
  • 220
  • 2
  • 8
2
votes
3 answers

AVG says web site is not secure

Recently a co-worker viewed our site from a different location. He said that AVG came up and said the site was not secure and blocked the site. However, when I run the site through AVG it says the site has no malware and no potential threats. We…
user37455
  • 21
  • 1
1
2 3