
Topic: How to start out making a secure site? (Read 818 times)

hero member
Activity: 1582
Merit: 759
July 06, 2014, 03:41:31 AM
#3
Simple answer. If you need to ask how to secure something, get someone else to secure it.

Security is the most important thing with regards to websites. If you want to be able to handle security yourself, you must be able to understand the logic of the attacks which may be performed on your website. You will need to understand the risks and take measures accordingly.

The above isn't an insult. It is meant to inform. Everyone has to start somewhere, and everyone learns and can become an expert. The number of people who I see starting out in your exact position, getting someone to post something like my message, and 4 years down the road seeing them again being knowledgeable within their field is incredible. Most of my fellow programmers had this experience, and I did as well.

I'd focus on getting a website complete first. Make your website, program it, and then deal with security before release. You will start to realize (based off logic) what security exploits may be available and when you look up other security exploits, they may make more sense.

Good luck :)
legendary
Activity: 1204
Merit: 1001
July 05, 2014, 05:34:39 AM
#2
Clearly you are clueless when it comes to this stuff.

You need to tell us what it is you are trying to protect. Usually that means securing and protecting your database.

I suggest you hire a skilled sys admin and get a server in a large data center. Not some data center maintained by some Joe Schmo.

You need to secure your website from the OS level down to the script running your application. I assume you had a web based front interacting with a back end database. There are numerous technologies but you can't go wrong with MySQL for database and Python or PHP for the web backend. NodeJS is a new popular alternative as well.

The most common point of entry is your application. The web backend. If you use public software such as this forum then the odds of exploitation increase significantly. Properly coded custom scripts are pretty secure if developed by a competent developer with security in mind.

Make sure to keep your database, OS, and web server technology up to date. For web server I recommend nginx. The Russians set a new standard with that.

SSL will secure your communication between the server and client. Man in the middle attacks are pretty common these days. End to end encryption is always recommended especially when communicating sensitive information.

As I said before I suggest you speak to a highly skilled sys admin and some talented backend developer with focus on security as you seem pretty clueless.

I doubt anyone here can give you any pointers until you explain what it is you are trying to protect and secure.

You can never go down if you think like a blackhat and leverage some common sense.

legendary
Activity: 1274
Merit: 1000
The Golden Rule Rules
July 05, 2014, 04:50:14 AM
#1
I once developed a site before, and there was someone that worked for me, and he did a good job of making the site secure. He did things like honeypot, SSL, etc.

So how does one develop a website securely from the get-go?