Security Recommendations

The recommendations for this chapter are similar to those mentioned time and again in this book. Specifically, they are the following.

1. Password strength: Probably the single greatest lesson to be learned from this chapter is the need to strengthen passwords, since doing so addresses both brute forcing (Whisker and Brutus) and session impersonation (Achilles and Cookie Pal). Strong passwords lie at the heart of any secure Web site; they should be at least 7 characters long and be made up of numerics, characters, and meta-characters such as ?!@#$.

2. System and Web server logging: When brute force tools such as Whisker and Brutus are used, a Web server can receive hundreds of password attempts within a few seconds. Enabling logging on both the operating system and the Web server itself goes a long way toward detecting an intruder's password-guessing attempts.

3. Input sanitization: As discussed frequently in this book, script developers must sanitize the input received from a user. The submitted data should be checked for the expected data type (integer, string, etc.) and stripped of any undesirable characters, such as meta-characters.

Web Hacking: Attacks and Defense
ISBN: 0201761769
Year: 2005
Pages: 156