How you secure your website. - GoFuckYourself.com

muthisdev · 01-21-2016, 12:06 PM

Hi GFY!

Those of you on here who have websites: how do you make sure your site is secure?

Those of you on here who have custom coders: How do you make sure the code they write doesn't open you up to hackers? How do you make sure they use best practices?

Those of you on here who have software products: how do you secure your product? What practices do you use? How do you defend against things like SQL injection and arbitrary code execution?

MakeMeGrrrrowl · 01-21-2016, 12:12 PM

Quote:

Originally Posted by muthisdev

Those of you on here who have custom coders: How do you make sure the code they write doesn't open you up to hackers? How do you make sure they use best practices?

You trust your programmer knows what they're doing? That's what I do.

I would trust my programmer with pretty much everything.

Barry-xlovecam · 01-21-2016, 12:43 PM

Use a premium quality host if you are a smaller website operator.
Always only allow safe user input.
Use well branded open source software so you can see all of the code executed by it.
Learn enough about code to be able to judge for yourself or pay someone who knows so that you can trust their opinion.

muthisdev · 01-22-2016, 01:44 PM

Quote:

Originally Posted by MakeMeGrrrrowl

You trust your programmer knows what they're doing? That's what I do.

I would trust my programmer with pretty much everything.

That makes a lot of sense if you've had the same coder for a long time.

What if you're hiring a new coder?

muthisdev · 01-22-2016, 01:45 PM

Quote:

Originally Posted by Barry-xlovecam

Use a premium quality host if you are a smaller website operator.
Always only allow safe user input.
Use well branded open source software so you can see all of the code executed by it.
Learn enough about code to be able to judge for yourself or pay someone who knows so that you can trust their opinion.

Does anyone on GFY do penetration testing? Do you see it as a service that would be useful on here?

trevesty · 01-22-2016, 02:06 PM

Quote:

Originally Posted by muthisdev

Does anyone on GFY do penetration testing? Do you see it as a service that would be useful on here?

There's a couple guys who do pen testing on here. I'm not sure there's much of a market for it in adult. The big boys(who are usually the least secure from my experience) think they're way more secure than they are, so won't hire outsiders usually. Not many people are willing to pay the premium to make sure they're truly secure in adult, but there are a few who have / do.

deonbell · 01-22-2016, 02:25 PM

Most people here have small sites. The new thing is bug bounties. Sign up for HackerOne and look at the top guys. Follow them on twitter. I have a hackerone profile, But I am slow and old, So I have found no bugs yet.

One guy gave me $40 paypal and another guy offered me a costume when I found a reflective XSS bugs in their site. You can do that on XSSposed.org. But most of those easy bugs are being found and reported. More people are getting keen on sanitizing their user input.

Just a few days ago a guy found an XSS bug in yahoo mail. They gave him $10,000.
I think he was on Bugcrowd.

Just got through playing with Burp Suite today. Figuring out how it works. Fun stuff. But I probably shouldn't have run the spider function. I may get in trouble for that. Burp acts a proxy between your browser and a site. You can intercept input and change parameters before passing on the data to the site.

kkkkkk · 01-22-2016, 02:26 PM

clickity click · 01-22-2016, 03:15 PM

I use wordpress on shared hosting with some security plugins.
I know it's not ideal..

MakeMeGrrrrowl · 01-22-2016, 06:05 PM

Quote:

Originally Posted by muthisdev

That makes a lot of sense if you've had the same coder for a long time.

What if you're hiring a new coder?

I would cry.

brassmonkey · 01-22-2016, 06:08 PM

giant bitch named rose

Barry-xlovecam · 01-22-2016, 07:29 PM

Quote:

Originally Posted by muthisdev

Does anyone on GFY do penetration testing? Do you see it as a service that would be useful on here?

I know someone whose brother does penetration testing for larger companies not from GFY

Pete's brother is certified to do PCI audits. People that are qualified to do audits and web server penetration testing are too expensive for 97+% of the audience I see here.

Sarn · 01-22-2016, 07:49 PM

put your script. adjust to keep the logs on another server.
doing permanent backup on another server.
read logs and constantly monitors the server.
after ferst cracked - look at the logs as and the fixes in it backups
load fixed backups on new server
repeat until the hacks do not stop
You can leave a note for the hacker reward for the found vulnerabilities - This will reduce the likelihood of damage to you.

adultmobile · 01-23-2016, 08:41 AM

Don't advertise your program in black hat and botnet forums.

01-21-2016, 12:06 PM	#1
muthisdev Confirmed User Industry Role: Join Date: Jan 2016 Posts: 300	How you secure your website. Hi GFY! Those of you on here who have websites: how do you make sure your site is secure? Those of you on here who have custom coders: How do you make sure the code they write doesn't open you up to hackers? How do you make sure they use best practices? Those of you on here who have software products: how do you secure your product? What practices do you use? How do you defend against things like SQL injection and arbitrary code execution? __________________ <?= base64_decode("aHR0cDovL211dGhpc2Rldi5jb20v") ?>

01-21-2016, 12:43 PM	#3
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	Use a premium quality host if you are a smaller website operator. Always only allow safe user input. Use well branded open source software so you can see all of the code executed by it. Learn enough about code to be able to judge for yourself or pay someone who knows so that you can trust their opinion.

01-22-2016, 02:25 PM	#7
deonbell Confirmed User Industry Role: Join Date: Sep 2015 Posts: 1,045	Most people here have small sites. The new thing is bug bounties. Sign up for HackerOne and look at the top guys. Follow them on twitter. I have a hackerone profile, But I am slow and old, So I have found no bugs yet. One guy gave me $40 paypal and another guy offered me a costume when I found a reflective XSS bugs in their site. You can do that on XSSposed.org. But most of those easy bugs are being found and reported. More people are getting keen on sanitizing their user input. Just a few days ago a guy found an XSS bug in yahoo mail. They gave him $10,000. I think he was on Bugcrowd. Just got through playing with Burp Suite today. Figuring out how it works. Fun stuff. But I probably shouldn't have run the spider function. I may get in trouble for that. Burp acts a proxy between your browser and a site. You can intercept input and change parameters before passing on the data to the site. __________________ Fake Naked Celebrity Sex Gallery

01-22-2016, 06:08 PM	#11
brassmonkey Pay It Forward Industry Role: Join Date: Sep 2005 Location: Yo Mama House Posts: 77,259	giant bitch named rose __________________ TRUMP 2025 KEKAW!!! - The Laken Riley Act Is Law! DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

01-23-2016, 08:41 AM	#14
adultmobile No, I am not banned Industry Role: Join Date: Nov 2003 Location: ChatGF.com Posts: 5,345	Don't advertise your program in black hat and botnet forums. __________________ TubeCamGirl.com

01-22-2016, 02:26 PM	#8
kkkkkk svp get banned svp Industry Role: Join Date: Dec 2005 Posts: 1,628

01-22-2016, 03:15 PM	#9
clickity click So Fecking Bummed Industry Role: Join Date: Aug 2014 Posts: 3,682	I use wordpress on shared hosting with some security plugins. I know it's not ideal..

01-22-2016, 07:49 PM	#13
Sarn Lest we forget Industry Role: Join Date: Sep 2015 Location: Russia Posts: 12,036	put your script. adjust to keep the logs on another server. doing permanent backup on another server. read logs and constantly monitors the server. after ferst cracked - look at the logs as and the fixes in it backups load fixed backups on new server repeat until the hacks do not stop You can leave a note for the hacker reward for the found vulnerabilities - This will reduce the likelihood of damage to you.