There are a few things you can do to help secure your web applications:
- Use well-written code. As obvious as that sounds, many administrators will hire third-party developers or install untested proprietary software without considering how reliable it actually is. Before you commit to it, do some research and test it. Moreover, if you are using an open source web app, make sure you keep it up to date and always stay abreast of the latest security enhancements.
- Use added protection. Even if you think your code is perfectly secure, it does not hurt to have extra protection. An application firewall can go a long way in preventing unexpected attacks. It can plug holes where you did not even know they could possibly appear. There are also some general scripting exploits that you can prevent with the right tweaking and careful monitoring.
- Scan for vulnerabilities. Perhaps the most solid step you can take to prevent attacks is to find out which ones pose the most serious threat. Are you vulnerable to cross-site scripting (XSS), SQL injection, or some exotic attack method that has yet to be cataloged? By scanning for vulnerabilities, you can locate problems and eradicate them. For a list of web application scanners, see SecTools.org.
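To make the first and third points concrete, here is an added example (not code from the original post) showing what "well-written code" means for the two attack classes named above. Each pair has the vulnerable form beside its hardened form, exercised against constructed input of the kind a vulnerability scanner sends, so the difference can be seen in the result rather than taken on faith. The in-memory SQLite table and the probe strings are constructed for the example.

```python
import html
import sqlite3

# Constructed sample data: a tiny in-memory user table (not from the original post).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

# --- SQL injection: vulnerable vs hardened ---------------------------------

def lookup_vulnerable(conn, name):
    """String-builds the query, so user input becomes part of the SQL itself."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def lookup_hardened(conn, name):
    """Parameterised query: the value is bound separately from the SQL text."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

# --- Cross-site scripting: vulnerable vs hardened --------------------------

def greet_vulnerable(name):
    """Interpolates raw input straight into HTML."""
    return f"<p>Hello, {name}!</p>"

def greet_hardened(name):
    """Escapes <, >, &, and quotes before the value reaches the page."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"

def demo():
    """Runs both pairs against constructed probe strings and returns the results."""
    conn = make_db()
    sqli_probe = "x' OR '1'='1"                  # constructed injection probe
    xss_probe = "<script>alert(1)</script>"      # constructed XSS probe
    return {
        # vulnerable: the OR clause matches every row, so the whole table leaks
        "sqli_vulnerable_rows": len(lookup_vulnerable(conn, sqli_probe)),  # 2
        # hardened: the probe is compared literally as a name, so nothing matches
        "sqli_hardened_rows": len(lookup_hardened(conn, sqli_probe)),      # 0
        "xss_vulnerable": greet_vulnerable(xss_probe),
        "xss_hardened": greet_hardened(xss_probe),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened versions are the baseline a scanner should find nothing to report on: binding parameters keeps data out of the query grammar, and escaping at output keeps data out of the HTML grammar. An application firewall sitting in front of the app can block the same probes, but it is a second layer, not a replacement for fixing the code.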
Your web applications do not have to be death traps. With well-written code, an application firewall, and diligent scanning for vulnerabilities, you can focus your attention on your site’s visitors rather than its attackers.