Click here to Skip to main content
13,146,402 members (50,276 online)
Click here to Skip to main content
Add your own
alternative version

Tagged as


4 bookmarked
Posted 12 Apr 2010

Secure Your Website, Put Bouncers at the Door (Part 1)

, 12 Apr 2010
Rate this:
Please Sign up or sign in to vote.
Sure your website by putting bouncers at the door

A good website is much like a nightclub, we want the general population to be able to use the facilities freely (or for a nominal fee!) but we don’t want the trouble makers that will spoil it for everyone. Pushing the analogy further, nightclubs have a few different types of security in place:

High ProfileBouncersFilter out trouble makers at point of entry
 Internal SecurityEject people that become troublemakers
Low ProfileBars on Windows
Alarmed Exits
Prevent people sneaking in
 Metal Detectors
Security Cameras
Passively check for people about to cause trouble

As web developers, we have a very similar set of tools that we can use to secure our website:

High ProfileInput Validation
(Metal Detectors)
Filters out bad information early
Allow members on to the site
(Bars on Windows)
Prevent people monitoring user traffic
Low ProfileInput Sanitation
(Security Cameras)
Filter out bad requests
(Bars on Windows)
Hide sensitive pages from popular web spiders
 Network Segregation and Infrastructure
(Alarmed Exits )
Control access to sensitive information

There’s lots of information out there about configuring the High Profile security measures and Network Segregation and Infrastructure is best implemented by the network specialists (it doesn’t hurt to understand the basics) and these things are generally well implemented.

As web developers, we have to worry about the things that happen inside the website, making sure that the front entrance is the only way in and limiting the damage if someone does get in. So our implementation priorities for any website have to be:

  1. Input Validation – Every piece of information that comes from the client is suspect and should be validated, this includes query string, form fields (even hidden ones!) and cookie values
  2. Input Sanitation - Ensure that any inject SQL or XSS script is neutralised
  3. Robots.txt – It may not be a bullet proof defence if someone’s targeting your site, but at least you can minimise drive-by hacking through Google!
  4. Authentication – Allow only authorised users through
  5. HTTPS – Secure the traffic from client to server

In Part 2, I’ll go over some of the best practises that we can follow, as developers, to make our website secure.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Martin Jarvis
Software Developer (Senior) Freestyle Interactive Ltd
United Kingdom United Kingdom
I'm a lead developer for Freestyle Interactive Ltd where we create many wonderful websites built on Microsofts ASP.Net and Ektron CMS.

I've been developing .Net applications (both Windows and Web) since 2002.

You may also be interested in...


Comments and Discussions

-- There are no messages in this forum --
Permalink | Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.170915.1 | Last Updated 12 Apr 2010
Article Copyright 2010 by Martin Jarvis
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid