Secure A Website From Hackers
An organization can adopt the following policy to protect against web server attacks.
Sanitizing and validating custom parameters before submitting them to the database for processing can help reduce the likelihood of a SQL injection attack. Database engines like MS SQL Server, MySQL, etc. support parameters and prepared statements. They are much safer than traditional SQL statements.
Denial of Service Attack
Firewalls can be used to drop traffic from a suspicious IP address if the attack is a simple DoS attack. Correctly configuring networks and intrusion detection systems can also help reduce the likelihood of a DoS attack being successful.
Cross Site Scripting
Validating and sanitizing headers, URL parameters, form parameters, and hidden values can help mitigate XSS attacks.
This can be prevented by encrypting the content of the cookies, expiring cookies after some time, and associating cookies with the IP address of the client that was used to create them.
This can be avoided by validating user input before processing it.
This can be avoided by treating all parameters as data rather than executable code. Sanitization and validation can be used for this.
A good web application development security policy should cover the vulnerabilities commonly used to gain access to the web server. It can include correct configuration of the operating system and the web server software, and security best practices when developing web applications.