mycsvilla

We explore our idea through technology


Friday, 10 November 2017

how to protect website from hackers

You may wonder how hackers are able to hack your website.
Hackers have that opportunity when the defenses of your website are not strong.
In order to protect your website, follow the steps below:
  • Keep software updated
This applies to both the server operating system and any software you may be running on your website, such as a CMS or forum.
When website security holes are found in software, hackers are quick to attempt to abuse them. If you are using a managed hosting solution then you don't need to worry so much about applying security updates for the operating system, as the hosting company should take care of this.
If you are using third-party software on your website, such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.

  • SQL injection
SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries; most web languages have this feature and it is easy to implement. Consider this query:
    SELECT * FROM table WHERE column = 'parameter';
If an attacker changed the URL parameter to pass in ' or '1'='1 this will cause the query to look like this:
    SELECT * FROM table WHERE column = '' OR '1'='1';
Since '1' is equal to '1', the condition is always true, and this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.

  •  XSS
Cross-site scripting is when an attacker tries to pass JavaScript or other scripting code into a web form in an attempt to run malicious code for visitors of your site.
When creating a form, always ensure you check the data being submitted and encode or strip out any HTML.
  • Server side validation/form validation
Validation should always be done both on the browser and server side. The browser can catch simple failures, like mandatory fields that are empty or text entered into a numbers-only field.
These checks can however be bypassed, so you should make sure you repeat this validation, and deeper validation, server side. Failing to do so could lead to malicious code or scripting code being inserted into the database, or could cause undesirable results in your website.
  • Passwords
Passwords should always be stored as encrypted values, preferably using a one-way hashing algorithm such as SHA. Using this method means that when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.
  • File upload
Allowing users to upload files to your website can be a big website risk, even if it's simply to change their avatar. The uploaded file may contain a script that, when executed on your server, completely opens up your website.