What are the best ways to protect your scripts/site from xss, and other attacks?
so far, my EvulCMS 2.0 i think is going to be secure...
i've looked at, studied, ripped apart, and rebuilt countless CMS tutorials , user admin systems, etc... downloaded phpbb, smf, php-nuke, php-fusion ripped them apart, and studied their structures...
My previous version wasn't OOP oriented, as i hadn't really used classes yet. but since v5 was released... why not teach myself something that would make life alittle easier.
public static function Clean($string)//Create a clean function
if(get_magic_quotes_gpc())//If magic quotes is enabled
$string = stripslashes($string);//Remove slashes from the string
$string = addslashes(trim($string));;//Add slashes to the string then trim is
$string = escapeshellcmd($string);//Remove all SHELL commands
$string = mysql_real_escape_string($string);//Stop MOST MySQL injections
$string = stripslashes(strip_tags(htmlspecialchars($string, ENT_QUOTES)));//Remove XHTML, remove slashes
return $string; //Return the final string
i actually used this, well not exactly... obviously rewrote for my system, but concept, and structure are pretty much the same...
i was curious... This, along with using a quad encrypt system. will this help prevent most typical web based attacks on a system?
i mean obviously, NOTHING is 100% secure, but something like this should help at the very least SLOW down an attack process to a snails speed... giving logging system time to log and warn the admin about possible attacks.
Also, i was wondering.... how would you monitor a site for typical web based attacks, to be able to log info about the attack? pretty much for any CURL attempts, bruteforcing, injections, etc...
Not that im expecting to be attacked, i just want to make sure things are as secure as possible. not only for security purposes.... but as a learning process.
"Knowledge is power. Abuse it."~Evulness
My portfolio: www.evularts.com