Recent Articles

Dolphin Stadium Hacked For Super Bowl
In what is becoming far too normal, the Dolphin Stadium Web Site was hacked for a few hours and was delivering malware to people who visited it. The American Football League is looking for information on the hacker...

Monster Gets A Monster Of A Hack Again
Monster has been hacked again, along with USAJobs.gov (which Monster runs), this time with a loss of information for people who are seeking jobs.

Learning Hacks The Chinese Hackers Use
You might be surprised by how mundane this list is; most security engineers should have these tools in their toolboxes as well. A few here are new to me, and worth sharing. The Dark Visitor has a list of common tools that Chinese...

Security Professional Need To Test Network Penetration
How do you tell a good security company from a bad one? That is the problem: do you really know you are getting the experts you are paying for? Businesses hire experts to do pen testing and audit their company...

02.23.09

Securing Your Site With Google Advice

By Navneet Kaushal

Hacking is a major problem that is increasing day by day. The Internet is flooded with hundreds, in fact thousands, of anti-hacking software products, but their effectiveness is still in question! In a recent post on Google's Webmaster Central blog, Google's Search Quality Team discusses the two most common attacks that result in hijacked websites: SQL injection and cross-site scripting (XSS).

In order to prevent SQL injections, "it's a good practice to add a layer between a form on the front end and the database in the back end. In PHP, the PDO extension is often used to work with parameters (sometimes called placeholders or bind variables) instead of embedding user input in the statement. Another really easy technique is character escaping, where all the dangerous characters that can have a direct effect on the database structure are escaped. For instance, every occurrence of a single quote ['] in a parameter must be replaced by two single quotes [''] to form a valid SQL string literal."

For preventing cross-site scripting (XSS), Google recommends the following measures:

Stripping the input that can be inserted in a form (for example, see the strip_tags function in PHP);

Using data encoding to avoid direct injection of potentially malicious characters (for example, see the htmlspecialchars function in PHP);

Creating a layer between data input and the back end to avoid direct injection of code in the application.
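
The SQL injection and XSS advice above, as an added PHP example that is not from the article or from Google's post; the in-memory SQLite table, the `double_quotes` and `count_rows` helpers and every input value are constructed assumptions. It also shows where quote doubling and strip_tags fall short compared with bound parameters and output encoding.

```php
<?php
// Added example; table, helper names and inputs are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
$db->exec("INSERT INTO comments (author, body) VALUES ('alice', 'first'), ('bob', 'second')");

// Quote doubling as described in the quoted advice (hypothetical helper).
function double_quotes(string $s): string
{
    return str_replace("'", "''", $s);
}

function count_rows(PDO $db, string $sql): int
{
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// Constructed hostile inputs.
$author = "x' OR '1'='1";          // closes a string literal early
$id     = '1 OR 1=1';              // contains no quote at all
$body   = '<script>alert(1)</script>" onmouseover="alert(2)';

// Weak: input embedded in the statement, so the quote ends the literal
// and the rest is parsed as SQL.
printf("concatenated string: %d row(s)\n",
    count_rows($db, "SELECT * FROM comments WHERE author = '$author'"));

// Escaping keeps the input inside the string literal...
printf("escaped string:      %d row(s)\n",
    count_rows($db, "SELECT * FROM comments WHERE author = '" . double_quotes($author) . "'"));

// ...but changes nothing when the value sits in an unquoted numeric position.
printf("escaped number:      %d row(s)\n",
    count_rows($db, 'SELECT * FROM comments WHERE id = ' . double_quotes($id)));

// Corrected: bound parameters are sent as data and never parsed as SQL.
$stmt = $db->prepare('SELECT * FROM comments WHERE author = :author OR id = :id');
$stmt->execute([':author' => $author, ':id' => $id]);
printf("bound parameters:    %d row(s)\n", count($stmt->fetchAll(PDO::FETCH_ASSOC)));

// XSS: encode on output. ENT_QUOTES also encodes quotes, which matters
// when the value is placed inside an HTML attribute.
$safe = htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
echo '<p title="' . $safe . '">' . $safe . "</p>\n";

// strip_tags removes the tags but leaves the attribute-breaking quote behind.
echo strip_tags($body) . "\n";
```

Running it requires PHP with the pdo_sqlite extension enabled; no network or external database is used.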


Tune into the post for more information!

About the Author:
Nav is the founder and CEO of Page Traffic, a premier search engine company known for its assured SEO service, web design and development, copywriting and full time SEO professionals.

Navneet has wide experience in natural search engine optimization, internet marketing and PPC campaigns. He is a prolific writer and his articles can be found in the "Best Articles" section of many websites and article banks. As a search engine analyst, he has over 9 years of experience and his knowledge is in application here.
About NetworkNewz
NetworkNewz editors, writers and contributors focus on both the big picture and the details of networking. At NetworkNewz our goal is to deliver to you The Key To Network Management.

-- NetworkNewz is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2009 iEntry, Inc. All Rights Reserved