Need guide to design a secure website

Hey noobie here. Am getting into web dev and would like to have any resources that guide to better and safeguard against possible attacks. Any references to existing code or tutorials are much appreciated but like listing out types of attacks and their safeguards are also helpful.

You should be more specific about what you plan on creating, e.g., a static blog or an online shop.

1 Like

There are lots of attacks, and not all might be relevant. If we are talking about application security, you should understand what those basic attacks are first.

OWASP Top 10

Other than that, security becomes specific to what you are building, like what any1 said.

1 Like

My bad. So right now maybe just a mock-up of delivery apps, including the website part. So I am thinking authentication and database injection are the ones that come off the top of my head. Things like DDoS and others are also possible for such sites, eh?
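Since "database injection" came up above (and it sits at the top of the OWASP list linked earlier), here is an added example, not code from anyone in the thread, showing the same user lookup written the unsafe way and the safe way. The table, rows and the crafted input are all constructed inline so it runs offline against SQLite; the point is that a bound parameter is never parsed as SQL, whereas a string-formatted query is.

```python
"""Added example: one user lookup, vulnerable versus parameterized.

Everything here (schema, rows, crafted input) is constructed for the demo
and is not taken from any real application.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data so the script runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # BAD: untrusted input is spliced into the statement text, so quotes
    # and keywords inside it change the meaning of the query.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(sql))


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # GOOD: the driver binds the value separately from the statement; the
    # database compares it as plain data, however it is spelled.
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


def demo() -> dict:
    """Run both lookups with a benign name and with a crafted one."""
    conn = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input for the demo
    return {
        "vulnerable": find_user_vulnerable(conn, crafted),  # leaks every row
        "safe": find_user_safe(conn, crafted),              # no such user
        "normal": find_user_safe(conn, "alice"),            # expected match
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The same rule applies to whatever database library you end up using (psycopg, mysql-connector, an ORM): pass values as parameters, never build the statement text from request data.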

Hey ty. I came across the list, but I need help with the resources to actually learn to address those problems. Do you have any particular resources to guide how to address the attacks/compromises listed?

Sorry man this is not a 5 minute craft. People spend years in college to learn such. You gotta go study.

1 Like

This is the more blunt way of saying it.

Before you secure anything, you’ve gotta understand it. Poorly securing things can give a false sense of security.

If you are new to web dev, I’d suggest focusing on building a working application. It’s way more important (when starting out) to build working things. At the same time, you’ll learn more about web technology.

It’s great you are thinking of security now, but I would recommend learning more about it after getting the hang of web dev. Other than that, go hit some books.

2 Likes

Name a book/course then. Great response with the "go study" in a thread asking for resources for the same.

5 Likes

I got my degree here: Information Security

But I tell you, if you want to get good, you have to study yourself. Find answers to things. Try to narrow down what you want to know. "Being secure" is waaay too broad. You gotta dive into details one by one. Try things out; reading a book isn't going to get you anywhere.

Telling someone to study by themselves without a book is a bit ironic. I get what you’re going at, but also we all gotta start somewhere.

But at the same time, just DuckDuckGo some “web application security books”, read some reviews and blogs, triage Reddit, find something on Coursera, and just find a jumping off point. This is all I was going to do :person_shrugging: I learned in an academic setting as well, so I have no explicit suggestions.

Knowing how to research is half the battle, and will be an ongoing thing for the rest of a career in software development.

If you’re hankering to have someone point you in a direction, I’d recommend finding a security subreddit. This forum is more-so privacy enthusiasts, not necessarily an application security development focused place.

3 Likes

Studying for this field particularly isn’t really suited to do with books. You just have to try stuff.

But yeah would agree this isn’t much of a dev and sec forum.

The problem with this question is more that it suggests there is some quick guide to do this. Which there is not. You will need to practise. I see a lot of these questions coming in from younger people these days. It takes more courage to learn something.

I also agree you should learn how to make a website in the first place for a start.

Are there resources on how to secure a static blog?

There are multiple ways to secure your blog and using google is a great way to start. Do you already have the blog?

  • Did you choose a reputable host that offers DDoS protection and SSL certificates?
  • Use a robust passcode (password or passphrase with at least 78-bit entropy)
  • Use plugins for 2FA
  • Encrypt the database and ensure correct permissions are set on the server side to prevent viewing of the database
  • Backup the data and encrypt as well
  • Always update your plugins! (example of what could happen below)

Ghostscripted: How 4chan Got Haunted by 2012 Tech - Portnox

This popped up with just a quick search that provides you with some ways to begin.

Website security: 15 easy ways to protect your blog from hackers and other threats - Productive Blogging
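The "78-bit entropy" figure in the list above is only meaningful for passcodes chosen uniformly at random, so here is an added example, not from the post's author, that works out how long a random password or passphrase has to be to reach that target for a few common alphabets. The pool sizes are assumptions for the demo (26 lowercase letters, 62 alphanumerics, 95 printable ASCII characters, and the 7776-word size of a standard diceware list); the tiny word list used by the generator is constructed and far too small for real use.

```python
"""Added example: how long must a random passcode be to hit N bits of entropy?

Entropy here assumes every symbol (character or word) is picked uniformly at
random from the pool, e.g. with the secrets module. A human-chosen password
of the same length has far less entropy than these numbers suggest.
"""
import math
import secrets

# Assumed pool sizes for the demo; 7776 is the size of a standard diceware list.
POOLS = {
    "lowercase": 26,
    "alphanumeric": 62,
    "printable_ascii": 95,
    "diceware_words": 7776,
}


def entropy_bits(pool_size: int, length: int) -> float:
    """Bits of entropy in `length` symbols drawn uniformly from `pool_size`."""
    return length * math.log2(pool_size)


def min_length(pool_size: int, target_bits: float = 78.0) -> int:
    """Smallest symbol count whose entropy is at least `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


def meets_target(pool_size: int, length: int, target_bits: float = 78.0) -> bool:
    """True if a random passcode of this shape reaches the target."""
    return entropy_bits(pool_size, length) >= target_bits


def length_table(target_bits: float = 78.0) -> dict:
    """Minimum length per pool, as a name -> symbol-count mapping."""
    return {name: min_length(size, target_bits) for name, size in POOLS.items()}


def generate_passphrase(wordlist: list, words: int) -> str:
    """Pick `words` entries uniformly at random; entropy = words * log2(len(wordlist))."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    for name, n in length_table().items():
        print(f"{name:16s}: {n:3d} symbols -> {entropy_bits(POOLS[name], n):.1f} bits")
    # Constructed toy list: 8 words give only 3 bits per word, so this output
    # is illustrative only; use a real 7776-word list in practice.
    toy_list = ["apple", "river", "stone", "cloud", "maple", "ember", "quartz", "lynx"]
    print("toy passphrase:", generate_passphrase(toy_list, 7))
```

The edge case worth noticing: six diceware words come to about 77.5 bits, just under the 78-bit line, so the seventh word is what actually gets you there.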

Something that could also be added to this guide would be a temporary/disposable static website through Micah Lee’s own OnionShare. More of an anonymity choice in the short-term though. You may find this helpful when building a basic static website and finding an excuse to play with the Tor Network.

At least from what I know, it was meant to be a secure way to "send" a website to someone. Nothing wrong with hosting it on your computer in the short term though. All this is entirely based on your computer, so runtime might be an issue... that is, if you haven't decided to host a dedicated OnionShare server for this purpose.

It depends on what setup you have. Hugo with GitHub Pages? Do you use your own servers?

Interesting. I will use the information I gathered from this thread as a starting point and read deeper into it. Thanks to all for participating in the thread

1 Like