Website Security for Webmasters

[snakeair]

Nice blog post on the Google Webmaster blog.

Quote:

Users are taught to protect themselves from malicious programs by installing sophisticated antivirus software, but often they may also entrust their private information to websites like yours, in which case it’s important to protect their data. It’s also very important to protect your own data; if you have an online store, you don’t want to be robbed.

Over the years companies and webmasters have learned—often the hard way—that web application security is not a joke; we’ve seen user passwords leaked due to SQL injection attacks, cookies stolen with XSS, and websites taken over by hackers due to negligent input validation.

Today we’ll show you some examples of how a web application can be exploited so you can learn from them; for this we’ll...

Continued at: http://googlewebmastercentral.blogsp...ebmasters.html

[johnpitter]

First of all webmaster have to make their websites SQL injection free. SQL injection is a best way for hackers so we have to keep care of it as a good developer or webmaster.

[Dan Williamson]

You can't seriously think so linear though John, sure SQL Injection may be common, however to just eliminate any chance of SQL Injection would be pointless, especially if while focusing on only SQL Injections you leave your website open to basic XSS exploits.

That's why security consultants charge crazy-figures because the general web developer doesn't have the mindset for proper security implementation.